 AVG report Win32/Patched.DX virus/rootkit/malware
gaby.zeze
Posted on 23/07/2010 @ 13:20
Petite astucienne

Hello,

I have a rootkit or malware or virus (?).

I have tried Malwarebytes, ComboFix, Navilog, lots of things... but the rootkit/virus is still there...

And I am not an expert...

Could you help me?

I use AVG. Firefox and IE have become very slow and, above all, redirect me to other pages.

I scanned the computer with AVG: infected with the "Win32/Patched.DX" virus and it cannot be removed.

I run ComboFix, it warns me of the presence of a rootkit, it deletes some files, but the problem (redirection and slowness) is still there.

Is there a risk that the passwords of my email accounts are stolen, or that data on my PC is read?

Thanks in advance if you know how to solve this problem...

Below, my ComboFix and HijackThis reports

------------------------------

ComboFix report:

ComboFix 10-07-21.02 - Gabrielle 22/07/2010 10:15:27.24.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.980 [GMT 2:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\aculp.sys
c:\windows\system32\egypack.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_aculp
-------\Service_aculp


((((((((((((((((((((((((((((( Fichiers créés du 2010-06-22 au 2010-07-22 ))))))))))))))))))))))))))))))))))))
.

2010-07-22 07:24 . 2010-07-22 07:24 -------- d-----w- c:\program files\Sophos
2010-07-21 21:56 . 2010-05-31 14:34 702120 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-07-21 21:56 . 2010-05-31 14:34 868456 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-20 19:01 . 2010-07-20 19:01 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-20 19:01 . 2010-07-20 19:01 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-20 19:01 . 2010-07-20 19:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-20 19:00 . 2010-07-20 19:00 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-20 19:00 . 2010-07-20 19:00 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-20 19:00 . 2010-07-20 19:00 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-20 19:00 . 2010-07-20 19:00 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-20 12:45 . 2010-07-20 12:46 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\C872823DD684626BD31C1A8FB9EB26BE
2010-07-02 11:28 . 2010-07-02 11:19 204800 ----a-w- c:\windows\system32\ioncube_loader_win_5.0.dll
2010-07-02 11:19 . 2010-07-02 11:19 -------- d-----w- c:\program files\ioncube
2010-06-25 07:37 . 2010-06-25 07:37 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 07:43 . 2010-05-27 09:44 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-07-22 06:56 . 2004-08-10 12:00 3717954 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-22 06:56 . 2004-08-10 12:00 1808188 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-21 22:00 . 2009-12-25 20:24 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\QuickScan
2010-07-21 21:34 . 2004-08-10 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-07-20 21:47 . 2009-12-13 10:44 -------- d-----w- c:\program files\Navilog1
2010-07-20 19:51 . 2008-09-12 20:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-07-20 19:01 . 2010-01-01 19:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-20 19:01 . 2010-01-01 19:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 11:03 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2010-07-07 15:25 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 07:37 . 2010-01-01 19:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-22 14:19 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2010-06-22 14:19 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-08 09:24 . 2010-06-08 09:24 7031 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\ScrapBook\data\20100608112452\mrgeorge.blogspot.com
2010-05-27 16:48 . 2010-05-27 16:48 503808 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcp71.dll
2010-05-27 16:48 . 2010-05-27 16:48 499712 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\jmc.dll
2010-05-27 16:48 . 2010-05-27 16:48 348160 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcr71.dll
2010-05-27 11:49 . 2008-09-13 14:06 37816 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 11:22 . 2010-05-27 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-27 11:15 . 2010-05-27 11:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-05-27 09:30 . 2010-05-27 09:30 -------- d-----w- c:\program files\Jasc Software Inc
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-20_14.08.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 09:42 . 2009-05-11 09:42 59888 c:\windows\system32\pxwma.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 68080 c:\windows\system32\pxinsa64.exe
+ 2009-04-17 10:28 . 2009-04-17 10:28 68080 c:\windows\system32\pxcpya64.exe
+ 2009-04-17 01:00 . 2009-04-17 01:00 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2008-03-12 01:00 . 2008-03-12 01:00 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2008-03-12 01:00 . 2008-03-12 01:00 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-03-23 23:01 . 2009-03-23 23:01 100848 c:\windows\system32\vxblock.dll
+ 2009-05-11 09:42 . 2009-05-11 09:42 440816 c:\windows\system32\PxWave.dll
+ 2009-05-11 09:42 . 2009-05-11 09:42 219632 c:\windows\system32\PxMas.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 125424 c:\windows\system32\pxinsi64.exe
+ 2009-04-08 23:02 . 2009-04-08 23:02 559600 c:\windows\system32\pxdrv.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-05-11 09:42 . 2009-05-11 09:42 678384 c:\windows\system32\Px.dll
+ 2010-07-20 21:48 . 2010-07-20 21:48 212992 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2010-07-20 21:48 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-05-11 09:42 . 2009-05-11 09:42 2083312 c:\windows\system32\PxSFS.DLL
+ 2004-08-10 12:00 . 2010-07-22 06:56 2269856 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2010-07-22 06:56 1627972 c:\windows\system32\perfc009.dat
+ 2010-07-20 21:48 . 2010-07-20 21:48 18698240 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-20 2065760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-20 19:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2563:TCP"= 2563:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/01/2010 21:58 243024]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/01/2010 21:58 216400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 14:00 14336]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [20/07/2010 21:01 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [20/07/2010 21:01 308136]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 13:12 133104]
S2 nscpjapu;Synaptics TouchPad Controller;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 14:00 14336]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1A.tmp --> c:\windows\system32\1A.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nscpjapu
.
Contenu du dossier 'Tâches planifiées'

2010-07-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-INSPIRON-Gabrielle.job
- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-27 01:44]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.fr/s/v/61.11/uploader2.cab
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 10:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8963FB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf749f852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7858bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7847a0d
SendHandler -> NDIS.sys @ 0xf785bb40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1A.tmp"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Heure de fin: 2010-07-22 10:37:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-07-22 08:36
ComboFix2.txt 2010-07-20 21:27
ComboFix3.txt 2010-07-20 16:19
ComboFix4.txt 2010-07-20 14:17
ComboFix5.txt 2010-07-22 08:09

Avant-CF: 4 984 152 064 octets libres
Après-CF: 4 997 554 176 octets libres

- - End Of File - - 8D3EA7AE40E76BFC0DC7A494FBA8F4F9


------------------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:55, on 22/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\_Programmes\avast\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/61.11/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1262347440647
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1262347418694
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E6D48CC-8C3C-464E-92EF-E14DF38BB340}: Domain = localhost.localdomain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7268 bytes


----------------------------------------------------------

Thanks in advance,
Gaby
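An added triage script, not from the post above and not part of ComboFix, HijackThis or AVG, that runs over lines modelled on the logs posted here and flags the indicators a helper looks at first: a browser proxy pointing at a loopback port (the usual mechanism behind the redirects described), services whose image file ComboFix could not find or that run from a .tmp file, non-default services hosted in the netsvcs svchost group, and an unknown module in the disk I/O call chain. The sample lines and the rules are constructed assumptions, and a hit means "inspect this", not "malicious".

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the ComboFix and HijackThis output
# quoted in the post above (not a copy of it): two proxy lines, six service
# lines and one line from the MBR rootkit detector section.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:5643
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:5643
R1 AvgTdiX;AVG Free Network Redirector;c:\\windows\\system32\\drivers\\avgtdix.sys [01/01/2010 21:58 243024]
S0 virq;virq;c:\\windows\\system32\\drivers\\zuxvh.sys --> c:\\windows\\system32\\drivers\\zuxvh.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\\windows\\System32\\svchost.exe -k Akamai [10/08/2004 14:00 14336]
S2 nscpjapu;Synaptics TouchPad Controller;c:\\windows\\System32\\svchost.exe -k netsvcs [10/08/2004 14:00 14336]
S3 MEMSWEEP2;MEMSWEEP2;\\??\\c:\\windows\\system32\\1A.tmp --> c:\\windows\\system32\\1A.tmp [?]
S2 avg9wd;AVG Free WatchDog;c:\\program files\\AVG\\AVG9\\avgwdsvc.exe [20/07/2010 21:01 308136]
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8963FB4C]<<
"""


@dataclass
class Finding:
    line: str
    reason: str


# "ProxyServer = http=127.0.0.1:5643": optional "scheme=" prefix, then host:port.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^;\s:]+):(\d+)")
# ComboFix service line: "<type> <name>;<display name>;<image path> [...]".
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# ComboFix lists only non-default entries, so any member of the OS's own
# netsvcs svchost group that it prints deserves a close look.
NETSVCS_RE = re.compile(r"svchost\.exe\s+-k\s+netsvcs\b", re.IGNORECASE)


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage_line(line: str) -> list[Finding]:
    """Return the indicators found on one log line (empty list if none)."""
    found: list[Finding] = []
    m = PROXY_RE.search(line)
    if m and is_loopback(m.group(1)):
        # Browser traffic is funnelled through a process listening locally:
        # the usual mechanism behind the "redirected to other pages" symptom.
        found.append(Finding(line, f"browser proxy points at loopback port {m.group(2)}"))
    m = SERVICE_RE.match(line)
    if m:
        name, display, path = m.group(1), m.group(2), m.group(3).rstrip()
        if path.endswith("[?]"):
            # ComboFix prints "path --> path [?]" when the image is not on disk:
            # a leftover of a removed driver, or a file hidden from the scanner.
            found.append(Finding(line, f"service '{name}' image file not found"))
        if re.search(r"\.tmp\b", path, re.IGNORECASE):
            found.append(Finding(line, f"service '{name}' runs from a .tmp file"))
        if NETSVCS_RE.search(path):
            found.append(Finding(line, f"non-default service '{name}' ({display}) hosted in netsvcs"))
    if ">>UNKNOWN" in line:
        # The MBR detector walked the disk I/O call chain into code it could
        # not attribute to any loaded module.
        found.append(Finding(line, "unknown module in the disk I/O call chain"))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Paste a full ComboFix or HijackThis log into `triage()` to get the same short list; legitimate entries such as AVG's own drivers and Akamai's separate svchost group produce no hit.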


chrifleur
Posted on 23/07/2010 at 16:27
Groupe Sécurité

Hello

Reports under review.

Post me these reports:

ComboFix2.txt 2010-07-20 21:27
ComboFix3.txt 2010-07-20 16:19
ComboFix4.txt 2010-07-20 14:17
ComboFix5.txt 2010-07-22 08:09

gaby.zeze
Posted on 23/07/2010 at 17:04
Petite astucienne

Hello,

Thank you for stepping in,

The reports:


ComboFix2.txt 2010-07-20 21:27

ComboFix 10-07-19.05 - Gabrielle 20/07/2010 23:12:35.23.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.986 [GMT 2:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Bbusoa.exe
c:\windows\Bbusob.exe
c:\windows\system32\sshnas21.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-20 au 2010-07-20 ))))))))))))))))))))))))))))))))))))
.

2010-07-20 19:01 . 2010-07-20 19:01 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-20 19:01 . 2010-07-20 19:01 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-20 19:00 . 2010-07-20 19:00 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-20 19:00 . 2010-07-20 19:00 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-20 19:00 . 2010-07-20 19:00 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-20 19:00 . 2010-07-20 19:00 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-20 12:46 . 2010-07-20 21:24 766976 ----a-w- c:\windows\system32\drivers\aculp.sys
2010-07-20 12:45 . 2010-07-20 12:46 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\C872823DD684626BD31C1A8FB9EB26BE
2010-07-02 11:28 . 2010-07-02 11:19 204800 ----a-w- c:\windows\system32\ioncube_loader_win_5.0.dll
2010-07-02 11:19 . 2010-07-02 11:19 -------- d-----w- c:\program files\ioncube
2010-06-25 07:37 . 2010-06-25 07:37 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-25 07:37 . 2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 20:34 . 2010-05-27 09:44 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-07-20 19:51 . 2008-09-12 20:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-07-20 19:01 . 2010-01-01 19:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-20 19:01 . 2010-01-01 19:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-20 17:19 . 2004-08-10 12:00 3690334 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-20 17:19 . 2004-08-10 12:00 1794648 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-10 11:03 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2010-07-07 15:25 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 07:37 . 2010-01-01 19:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-22 14:19 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2010-06-22 14:19 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-08 09:24 . 2010-06-08 09:24 7031 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\ScrapBook\data\20100608112452\mrgeorge.blogspot.com
2010-05-27 16:48 . 2010-05-27 16:48 503808 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcp71.dll
2010-05-27 16:48 . 2010-05-27 16:48 499712 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\jmc.dll
2010-05-27 16:48 . 2010-05-27 16:48 348160 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcr71.dll
2010-05-27 11:49 . 2008-09-13 14:06 37816 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 11:22 . 2010-05-27 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-27 11:15 . 2010-05-27 11:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-05-27 09:30 . 2010-05-27 09:30 -------- d-----w- c:\program files\Jasc Software Inc
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-20_14.08.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 09:42 . 2009-05-11 09:42 59888 c:\windows\system32\pxwma.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 68080 c:\windows\system32\pxinsa64.exe
+ 2009-04-17 10:28 . 2009-04-17 10:28 68080 c:\windows\system32\pxcpya64.exe
+ 2009-04-17 01:00 . 2009-04-17 01:00 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2008-03-12 01:00 . 2008-03-12 01:00 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2008-03-12 01:00 . 2008-03-12 01:00 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-03-23 23:01 . 2009-03-23 23:01 100848 c:\windows\system32\vxblock.dll
+ 2009-05-11 09:42 . 2009-05-11 09:42 440816 c:\windows\system32\PxWave.dll
+ 2009-05-11 09:42 . 2009-05-11 09:42 219632 c:\windows\system32\PxMas.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 125424 c:\windows\system32\pxinsi64.exe
+ 2009-04-08 23:02 . 2009-04-08 23:02 559600 c:\windows\system32\pxdrv.dll
+ 2009-04-17 10:28 . 2009-04-17 10:28 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-05-11 09:42 . 2009-05-11 09:42 678384 c:\windows\system32\Px.dll
+ 2009-05-11 09:42 . 2009-05-11 09:42 2083312 c:\windows\system32\PxSFS.DLL
+ 2004-08-10 12:00 . 2010-07-20 17:19 2256176 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2010-07-20 17:19 1616212 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/01/2010 21:58 243024]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/01/2010 21:58 216400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 14:00 14336]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/06/2010 09:36 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/06/2010 09:37 308064]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 13:12 133104]
S2 nscpjapu;Synaptics TouchPad Controller;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 14:00 14336]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - aculp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nscpjapu
.
Contenu du dossier 'Tâches planifiées'

2010-07-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-INSPIRON-Gabrielle.job
- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-27 01:44]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.fr/s/v/61.11/uploader2.cab
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 23:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89587B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf785f852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xba744bb0
PacketIndicateHandler -> NDIS.sys @ 0xba733a0d
SendHandler -> NDIS.sys @ 0xba747b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aculp]

.
Heure de fin: 2010-07-20 23:27:09
ComboFix-quarantined-files.txt 2010-07-20 21:27
ComboFix2.txt 2010-07-20 16:19
ComboFix3.txt 2010-07-20 14:17
ComboFix4.txt 2010-01-03 11:59
ComboFix5.txt 2010-07-20 21:06

Avant-CF: 5 114 609 664 octets libres
Après-CF: 5 105 762 304 octets libres

- - End Of File - - A7AE7127DDC22364A8FF1ACC6547F1CC

gaby.zeze
 Posté le 23/07/2010 à 17:05 

ComboFix3.txt 2010-07-20 16:19

ComboFix 10-07-19.05 - Gabrielle 20/07/2010 18:01:56.22.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.701 [GMT 2:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ComboFix a rencontré une erreur fatale !!

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-20 au 2010-07-20 ))))))))))))))))))))))))))))))))))))
.

2010-07-20 16:11 . 2010-07-20 16:11 43225 ----a-w- C:\ComboFix_error.dat
2010-07-20 12:46 . 2010-07-20 16:14 766976 ----a-w- c:\windows\system32\drivers\aculp.sys
2010-07-20 12:45 . 2010-07-20 12:46 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\C872823DD684626BD31C1A8FB9EB26BE
2010-07-02 11:28 . 2010-07-02 11:19 204800 ----a-w- c:\windows\system32\ioncube_loader_win_5.0.dll
2010-07-02 11:19 . 2010-07-02 11:19 -------- d-----w- c:\program files\ioncube
2010-06-25 07:37 . 2010-06-25 07:37 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-25 07:37 . 2010-06-25 07:37 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-25 07:37 . 2010-06-25 07:37 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-25 07:37 . 2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 16:09 . 2010-05-27 09:44 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-07-20 16:00 . 2004-08-10 12:00 3687572 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-20 16:00 . 2004-08-10 12:00 1793294 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-10 11:03 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2010-07-07 15:25 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 07:37 . 2010-01-01 19:58 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 07:37 . 2010-01-01 19:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-25 07:36 . 2010-01-01 19:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-22 14:19 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2010-06-22 14:19 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-08 09:24 . 2010-06-08 09:24 7031 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\ScrapBook\data\20100608112452\mrgeorge.blogspot.com
2010-05-27 16:48 . 2010-05-27 16:48 503808 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcp71.dll
2010-05-27 16:48 . 2010-05-27 16:48 499712 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\jmc.dll
2010-05-27 16:48 . 2010-05-27 16:48 348160 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcr71.dll
2010-05-27 11:49 . 2008-09-13 14:06 37816 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 11:47 . 2008-09-12 20:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-27 11:22 . 2010-05-27 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-27 11:15 . 2010-05-27 11:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-05-27 09:30 . 2010-05-27 09:30 -------- d-----w- c:\program files\Jasc Software Inc
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-20_14.08.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-20 16:00 . 2010-07-20 16:00 16384 c:\windows\temp\Perflib_Perfdata_734.dat
+ 2010-07-20 16:00 . 2010-07-20 16:00 16384 c:\windows\temp\Perflib_Perfdata_3ac.dat
+ 2004-08-10 12:00 . 2010-07-20 16:00 2254808 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2010-07-20 16:00 1615036 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1105:TCP"= 1105:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/01/2010 21:58 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/01/2010 21:58 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 14:00 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/06/2010 09:36 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/06/2010 09:37 308064]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 13:12 133104]
S2 nscpjapu;Synaptics TouchPad Controller;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 14:00 14336]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - aculp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nscpjapu
.
Contenu du dossier 'Tâches planifiées'

2010-07-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-INSPIRON-Gabrielle.job
- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-27 01:44]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.fr/s/v/61.11/uploader2.cab
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 18:13
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89689B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9e4e852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d5abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d49a0d
SendHandler -> NDIS.sys @ 0xb9d5db40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aculp]

.
Heure de fin: 2010-07-20 18:18:57
ComboFix-quarantined-files.txt 2010-07-20 16:18
ComboFix2.txt 2010-07-20 14:17
ComboFix3.txt 2010-01-03 11:59
ComboFix4.txt 2009-12-25 20:01
ComboFix5.txt 2010-07-20 15:54

Avant-CF: 4 375 576 576 octets libres
Après-CF: 4 364 746 752 octets libres

- - End Of File - - D84C5767FE4DC5392B78DE619D244B73

gaby.zeze
 Posté le 23/07/2010 à 17:10 

ComboFix4.txt 2010-07-20 14:17 - FIRST PART


ComboFix 10-07-19.05 - Gabrielle 20/07/2009 15:52:52.21.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.985 [GMT 2:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gabrielle\Application Data\Sky-Banners
c:\documents and settings\Gabrielle\Application Data\Street-Ads
c:\documents and settings\Gabrielle\Local Settings\Application Data\cbjmojvpq
c:\documents and settings\Gabrielle\Local Settings\Application Data\cbjmojvpq\uwnwqhctssd.exe
c:\documents and settings\LocalService\Local Settings\Application Data\uqekuq._dl
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\Bbusoa.exe
c:\windows\Bbusob.exe
c:\windows\Bbusoc.exe
c:\windows\SEC
c:\windows\SEC\CLEANUPFOLDER.INI
c:\windows\SEC\CONFIGSYS.EXE
c:\windows\SEC\DELDR.EXE
c:\windows\SEC\DOTNETFX.EXE
c:\windows\SEC\JRE150.EXE
c:\windows\SEC\KB900325-FRN.EXE
c:\windows\SEC\LANGPACK.EXE
c:\windows\SEC\NDP1.1SP1-KB867460-X86.EXE
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\system32\nwxap.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\rwxap.dll
c:\windows\system32\st325602.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-20 au 2009-07-20 ))))))))))))))))))))))))))))))))))))
.

2010-07-20 12:46 . 2009-07-20 14:09 766976 ----a-w- c:\windows\system32\drivers\aculp.sys
2010-07-20 12:45 . 2010-07-20 12:46 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\C872823DD684626BD31C1A8FB9EB26BE
2010-07-02 11:28 . 2010-07-02 11:19 204800 ----a-w- c:\windows\system32\ioncube_loader_win_5.0.dll
2010-07-02 11:19 . 2010-07-02 11:19 -------- d-----w- c:\program files\ioncube
2010-06-25 07:37 . 2010-06-25 07:37 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-25 07:37 . 2010-06-25 07:37 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-25 07:37 . 2010-06-25 07:37 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-25 07:37 . 2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-08 09:24 . 2010-06-08 09:24 7031 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\ScrapBook\data\20100608112452\mrgeorge.blogspot.com
2010-05-27 16:48 . 2010-05-27 16:48 503808 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcp71.dll
2010-05-27 16:48 . 2010-05-27 16:48 499712 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\jmc.dll
2010-05-27 16:48 . 2010-05-27 16:48 348160 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7fa67273-n\msvcr71.dll
2010-05-27 11:22 . 2010-05-27 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-27 11:15 . 2010-05-27 11:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-05-27 09:44 . 2009-07-20 14:06 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-05-27 09:30 . 2010-05-27 09:30 -------- d-----w- c:\program files\Jasc Software Inc
2010-03-20 11:55 . 2010-03-20 11:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-11 07:12 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 21:23 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 08:13 . 2010-03-05 08:13 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-04 08:37 . 2010-03-04 08:37 -------- d-----w- c:\documents and settings\Gabrielle\Local Settings\Application Data\Thunderbird
2010-03-04 08:37 . 2010-03-04 08:37 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Thunderbird
2010-03-04 08:37 . 2010-05-15 14:20 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-28 17:21 . 2010-02-28 17:21 -------- d-sh--w- c:\documents and settings\All Users\DRM
2010-02-20 10:13 . 2010-02-20 10:13 152576 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-20 10:02 . 2010-02-20 10:02 -------- d-----w- C:\found.000
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-01-06 13:48 . 2010-01-06 13:48 -------- d-----w- c:\program files\Trend Micro
2010-01-06 13:05 . 2010-01-06 13:05 -------- d-----w- c:\windows\ie8updates
2010-01-06 13:04 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-06 13:04 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-05 10:18 . 2010-01-05 10:18 -------- d-sh--w- c:\documents and settings\Gabrielle\IECompatCache
2010-01-03 23:12 . 2010-01-03 23:12 -------- d-sh--w- c:\documents and settings\Gabrielle\PrivacIE
2010-01-03 11:10 . 2010-01-03 11:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-03 10:53 . 2010-01-03 10:53 -------- d-----w- c:\program files\Sunbelt Software
2010-01-03 10:52 . 2010-01-03 10:52 -------- d-----w- c:\windows\Internet Logs
2010-01-02 23:34 . 2010-01-02 23:34 -------- d-sh--w- c:\documents and settings\Gabrielle\IETldCache
2010-01-02 23:27 . 2010-01-02 23:31 -------- dc-h--w- c:\windows\ie8
2010-01-02 04:09 . 2010-01-02 04:09 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\AVG9
2010-01-01 19:58 . 2010-01-02 04:16 -------- d-----w- C:\$AVG
2010-01-01 19:58 . 2010-06-25 07:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-01 19:58 . 2010-06-25 07:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-01 19:58 . 2010-06-25 07:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-01 19:58 . 2010-07-20 12:04 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-01 19:58 . 2010-01-01 19:58 -------- d-----w- c:\program files\AVG
2010-01-01 19:58 . 2010-01-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-01 12:20 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-01 12:15 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-25 20:24 . 2009-12-25 20:59 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\QuickScan
2009-12-25 19:46 . 2009-12-25 19:46 401408 ----a-w- c:\windows\system32\CF31800.exe
2009-12-25 16:04 . 2009-12-25 20:21 -------- d-----w- c:\windows\BDOSCAN8
2009-12-22 18:39 . 2009-12-22 18:39 922112 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 62592 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-12-22 18:39 . 2009-12-22 18:39 426496 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-17 07:41 . 2009-12-17 07:41 347648 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:09 . 2009-12-14 07:09 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-13 13:49 . 2009-12-13 14:39 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\CheckPoint
2009-12-13 13:49 . 2009-12-13 15:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-13 11:51 . 2009-12-13 11:51 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-13 11:41 . 2009-12-25 21:04 -------- d-----w- C:\SDFix
2009-12-13 10:44 . 2009-07-20 13:16 -------- d-----w- c:\program files\Navilog1
2009-12-12 11:23 . 2009-12-13 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-12 11:23 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-27 17:13 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:08 . 2009-11-27 16:08 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:08 . 2009-11-27 16:08 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:08 . 2009-11-27 16:08 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-25 11:13 . 2009-11-25 11:13 -------- d-----w- c:\program files\Poedit
2009-11-13 10:15 . 1999-09-04 20:23 91136 ----a-r- c:\windows\system32\msls2.dll
2009-11-06 15:57 . 2010-02-20 10:13 79488 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Fichiers communs\Vbox
2009-10-28 12:32 . 2002-01-24 10:00 1798144 ----a-w- c:\documents and settings\Gabrielle\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll
2009-10-28 12:32 . 2002-03-05 22:38 147456 ----a-w- c:\documents and settings\Gabrielle\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll
2009-10-28 12:32 . 2002-02-06 11:23 1085440 ----a-w- c:\documents and settings\Gabrielle\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll
2009-10-28 12:32 . 2002-02-02 09:52 2088960 ----a-w- c:\documents and settings\Gabrielle\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll
2009-10-28 12:32 . 2002-03-05 20:23 815104 ----a-w- c:\documents and settings\Gabrielle\Application Data\Macromedia\Flash MX\Configuration\authplay.dll
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Macromedia
2009-10-28 11:36 . 2010-01-28 14:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 11:35 . 2009-10-28 11:35 -------- d-----w- c:\program files\Eltima Software
2009-10-28 10:31 . 2009-10-28 10:31 -------- d-----w- c:\program files\MapExpert
2009-10-28 09:53 . 2009-10-28 10:03 -------- d-----w- c:\program files\IGN
2009-10-21 05:39 . 2009-10-21 05:39 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:39 . 2009-10-21 05:39 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:33 . 2009-10-13 10:33 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:39 . 2009-10-12 13:39 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:39 . 2009-10-12 13:39 150528 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-09-20 16:18 . 2009-02-07 05:43 24576 ----a-w- c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-09-18 07:38 . 2009-09-18 07:38 -------- d-----w- c:\program files\Alwil Software
2009-09-04 21:04 . 2009-09-04 21:04 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-09-04 11:47 . 2010-02-22 13:24 453 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2009-09-04 11:46 . 2009-09-04 11:46 -------- d-----w- c:\program files\Fichiers communs\Ciel
2009-09-04 11:45 . 2009-09-04 11:52 -------- d-----w- C:\Données Ciel
2009-09-02 19:18 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-02 19:18 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-02 19:18 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-02 19:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-30 08:57 . 2009-08-30 08:57 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-30 08:57 . 2009-08-30 08:57 -------- d-----w- c:\program files\MSBuild
2009-08-30 08:56 . 2009-08-30 08:56 -------- d-----w- c:\program files\Reference Assemblies
2009-08-30 08:42 . 2009-08-30 08:42 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-08-29 16:18 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-29 16:18 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-29 16:18 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-29 16:18 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-29 16:18 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-29 16:18 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-29 16:18 . 2009-06-25 08:26 736768 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-29 16:18 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-29 16:18 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-29 16:16 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-29 16:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-29 16:10 . 2009-08-25 09:18 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-29 16:09 . 2009-07-31 04:33 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-29 16:09 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-26 19:03 . 2009-12-30 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-26 19:02 . 2009-08-26 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 19:02 . 2009-08-26 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-16 22:24 . 2009-08-16 22:24 -------- d--h--w- c:\windows\PIF
2009-08-16 22:20 . 2004-08-05 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-16 22:20 . 2004-08-05 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-16 20:32 . 2009-09-18 07:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-16 20:21 . 2009-09-18 07:32 -------- d-----w- c:\program files\BitDefender

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 11:03 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2010-07-07 15:25 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-22 14:19 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2010-06-22 14:19 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-27 11:49 . 2008-09-13 14:06 37816 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 11:47 . 2008-09-12 20:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-15 12:55 . 2008-09-13 08:51 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Skype
2010-05-15 11:06 . 2008-09-18 19:38 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\skypePM
2010-04-26 18:04 . 2008-09-12 22:11 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Ahead
2010-02-20 10:15 . 2008-09-12 19:21 -------- d-----w- c:\program files\Java
2010-01-06 13:54 . 2008-09-13 08:18 165232 ---ha-w- c:\documents and settings\Gabrielle\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-12-31 16:50 . 2004-08-10 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 22:34 . 2008-12-03 20:21 -------- d-----w- c:\program files\Norton Security Scan
2009-12-25 15:43 . 2009-05-03 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 19:07 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2008-09-12 19:05 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:08 . 2004-08-10 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2004-08-04 00:49 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 15:14 . 2009-05-03 13:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-05-03 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 17:13 . 2004-08-10 12:00 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-04 00:54 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:08 . 2004-08-10 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2004-08-10 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2004-08-10 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2004-08-04 00:54 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-28 12:32 . 2008-09-12 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 05:39 . 2004-08-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:32 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:32 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:33 . 2004-08-10 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-10 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-10 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-04-10 10:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 08:52 . 2008-09-12 21:44 -------- d-----w- c:\program files\MSECache
2009-08-26 08:01 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:18 . 2004-08-10 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-16 17:31 . 2009-05-02 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-16 14:10 . 2008-11-25 06:56 -------- d-----w- c:\program files\Google
2009-08-16 14:10 . 2008-09-12 20:32 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-14 15:13 . 2004-08-10 12:00 1850752 ----a-w- c:\windows\system32\win32k.sys
2009-08-06 18:24 . 2008-09-12 19:11 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-09-12 20:55 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-09-12 19:11 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-09-12 19:11 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-10 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-09-12 19:11 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2008-09-13 10:19 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2008-09-12 19:11 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 18:23 . 2008-09-12 19:11 209624 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:23 . 2007-07-30 17:18 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:00 . 2004-08-10 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 09:03 . 2008-09-12 19:53 1372672 ----a-w- c:\windows\system32\msxml6.dll
2009-07-31 04:33 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-24 10:00 . 2008-10-29 14:25 -------- d-----w- c:\program files\EasyPHP 2.0b1
2009-07-20 14:07 . 2004-08-10 12:00 3684810 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-20 14:07 . 2004-08-10 12:00 1791940 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 19:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:16 . 2004-08-10 12:00 1440768 ----a-w- c:\windows\system32\query.dll
2009-07-13 21:43 . 2004-08-10 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 09:56 . 2008-09-13 08:24 -------- d-----w- c:\program files\Windows Live
2009-07-09 09:46 . 2008-09-13 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-25 08:26 . 2004-08-10 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-10 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-10 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-10 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-10 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 10:44 . 2004-08-10 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-10 12:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 07:21 . 2008-09-12 19:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-10 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:33 . 2004-08-10 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
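The Find3M list above pairs live system files with their Windows File Protection copies in system32\dllcache (http.sys, oakley.dll, msv1_0.dll, kerberos.dll and so on, at identical sizes). An AVG "Win32/Patched" verdict means one such live file has had code overwritten in place, so the check a responder runs is a hash comparison of every live file against its dllcache copy, paying attention to pairs whose size matches but whose bytes do not. The script below is an added example for this thread, not ComboFix or AVG code and not something the poster ran; the directory tree it builds and the file names patched.sys and hotfix.dll are constructed for the demonstration.

```python
"""Compare live Windows XP system files with their Windows File Protection
copies in system32\\dllcache to spot in-place patching.  Added example for this
thread; it is not ComboFix/AVG code and not part of the forum post.  The demo
tree and its file names (patched.sys, hotfix.dll) are constructed."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Streaming SHA-256 so multi-megabyte files (ntoskrnl.exe, mshtml.dll) are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def live_copy(system32, name):
    """Protected drivers live in system32\\drivers, everything else in system32."""
    for candidate in (system32 / "drivers" / name, system32 / name):
        if candidate.is_file():
            return candidate
    return None


def compare_with_dllcache(system32, dllcache, suffixes=(".sys", ".dll", ".exe")):
    """Return {name: verdict} for every cached file that also exists live.
    'patched'         same size, different bytes: code overwritten in place,
                      which is what an AV 'Win32/Patched' verdict describes
    'version-differs' different size: usually a hotfix not yet mirrored to the
                      cache, still worth a signature check
    'ok'              byte-identical"""
    verdicts = {}
    for cached in sorted(dllcache.iterdir()):
        if cached.suffix.lower() not in suffixes:
            continue
        live = live_copy(system32, cached.name)
        if live is None:
            continue
        if live.stat().st_size != cached.stat().st_size:
            verdicts[cached.name] = "version-differs"
        elif sha256_of(live) != sha256_of(cached):
            verdicts[cached.name] = "patched"
        else:
            verdicts[cached.name] = "ok"
    return verdicts


def build_demo_tree(root):
    """Constructed sample: three fake system files.  patched.sys keeps its size
    but one byte in the middle is replaced by a jump opcode, mimicking an
    in-place patch; hotfix.dll is simply a newer, larger build."""
    system32 = root / "system32"
    dllcache, drivers = system32 / "dllcache", system32 / "drivers"
    for d in (dllcache, drivers):
        d.mkdir(parents=True)
    clean = b"MZ" + b"\x90" * 1000
    (dllcache / "http.sys").write_bytes(clean)
    (drivers / "http.sys").write_bytes(clean)
    (dllcache / "patched.sys").write_bytes(clean)
    (drivers / "patched.sys").write_bytes(clean[:500] + b"\xe9" + clean[501:])
    (dllcache / "hotfix.dll").write_bytes(clean)
    (system32 / "hotfix.dll").write_bytes(clean + b"\x00" * 16)
    return system32, dllcache


def demo():
    """Run the comparison over the constructed tree and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        system32, dllcache = build_demo_tree(Path(tmp))
        return compare_with_dllcache(system32, dllcache)


if __name__ == "__main__":
    # Real use on a mounted XP volume:
    # compare_with_dllcache(Path(r"X:\Windows\system32"), Path(r"X:\Windows\system32\dllcache"))
    for name, verdict in demo().items():
        print(f"{verdict:16} {name}")
```

Two caveats apply on a live infected machine. A kernel rootkit that filters file reads (the catchme and MBR-detector sections of the report show hooks on \Driver\Disk and \Driver\atapi) can hand the scanner clean bytes for the patched file, so the comparison is only trustworthy when the disk is read from a clean boot environment. And the dllcache copy is not an oracle: malware can patch both copies, so a "patched" or "version-differs" verdict should be confirmed against the Microsoft catalog signature (for example with Sysinternals sigcheck) before the file is replaced.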



gaby.zeze
Posted on 23/07/2010 at 17:19

ComboFix4.txt 2010-07-20 14:17 - SECOND PART

((((((((((((((((((((((((((((( SnapShot_2010-01-03_11.55.26 )))))))))))))))))))))))))))))))))))))))))


+ 2009-06-26 17:10 . 2009-06-26 17:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90u.dll
+ 2009-06-26 17:10 . 2009-06-26 17:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90.dll
+ 2009-07-20 14:06 . 2009-07-20 14:06 16384 c:\windows\temp\Perflib_Perfdata_360.dat
+ 2009-07-20 14:06 . 2009-07-20 14:06 16384 c:\windows\temp\Perflib_Perfdata_2b4.dat
+ 2008-09-12 19:52 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2008-09-12 19:52 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-08-13 16:54 . 2009-12-21 19:06 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-03-08 03:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 12:00 . 2009-12-21 19:06 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 12:00 . 2009-03-08 03:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 12:00 . 2009-11-27 16:08 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2008-09-12 21:28 . 2009-03-08 03:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-12 21:28 . 2009-12-21 19:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-03-08 03:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54 . 2009-12-21 19:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-07-29 04:35 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-07-29 04:35 . 2009-07-29 04:35 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:14 . 2009-11-27 16:08 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2010-01-23 19:33 . 2010-01-23 19:33 49664 c:\windows\Installer\723e712.msi
+ 2010-06-15 15:35 . 2010-06-15 15:35 21504 c:\windows\Installer\4aaa8d8.msi
+ 2010-05-27 11:16 . 2010-05-27 11:16 22528 c:\windows\Installer\38bbd13.msi
+ 2010-05-27 11:15 . 2010-05-27 11:15 27648 c:\windows\Installer\38bbd0c.msi

+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 11022 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\workspace2as.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 11022 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\PSP7workspace.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 18374 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\Psp7File.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 13390 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\psp7.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 13390 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\browse7b.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 10134 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\AnimDoc.exe
+ 2010-05-27 09:31 . 2010-05-27 09:31 69632 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\_D356900035F1_42BF_BF69_88C72F2444A0.exe
+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2010-07-04 15:36 . 2010-07-04 15:36 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2010-05-27 11:37 . 2010-05-27 11:37 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2010-05-27 11:33 . 2010-05-27 11:33 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-02-20 10:21 . 2009-10-29 07:42 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-01-06 13:05 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2010-01-06 13:05 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2010-01-06 13:05 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-11-27 17:13 . 2009-11-27 17:13 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-05-27 09:31 . 2010-05-27 09:31 2734 c:\windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\mip.exe
+ 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-06-26 17:07 . 2009-06-26 17:07 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll
+ 2009-06-26 17:07 . 2009-06-26 17:07 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll
+ 2009-06-26 17:10 . 2009-06-26 17:10 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcm90.dll
+ 2009-06-26 17:07 . 2009-06-26 17:07 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_35349982\atl90.dll

- 2004-08-10 12:00 . 2008-04-13 17:33 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-10 12:00 . 2009-12-08 09:24 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-10 12:00 . 2009-12-21 19:07 206848 c:\windows\system32\occache.dll
- 2007-08-13 16:54 . 2009-03-08 03:32 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2009-12-21 19:06 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-10 12:00 . 2009-12-09 05:54 726528 c:\windows\system32\jscript.dll
- 2004-08-10 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2010-02-20 10:15 . 2009-10-11 03:17 149280 c:\windows\system32\javaws.exe
+ 2010-02-20 10:15 . 2009-10-11 03:17 145184 c:\windows\system32\javaw.exe
+ 2010-02-20 10:15 . 2009-10-11 03:17 145184 c:\windows\system32\java.exe
+ 2004-08-10 12:00 . 2009-12-21 19:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 12:00 . 2009-12-21 19:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 12:00 . 2009-12-21 13:20 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-10 12:00 . 2009-03-08 03:32 173056 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:54 . 2009-12-21 19:07 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-29 04:35 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-07-29 04:35 . 2009-07-29 04:35 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 09:48 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2006-09-23 11:12 . 2006-09-23 11:12 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-09-23 11:12 . 2009-12-08 09:24 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 16:44 . 2009-12-21 19:07 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-09-12 21:28 . 2009-12-21 19:06 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2008-09-12 21:28 . 2009-03-08 03:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 16:38 . 2009-12-09 05:54 726528 c:\windows\system32\dllcache\jscript.dll
- 2007-08-13 16:38 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 16:54 . 2009-12-21 19:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 16:39 . 2009-12-21 19:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39 . 2009-03-08 03:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39 . 2009-12-21 13:20 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-09-12 19:32 . 2008-04-13 07:39 142592 c:\windows\system32\dllcache\aec.sys

+ 2010-01-10 19:15 . 2010-01-10 19:15 836096 c:\windows\Installer\e7d7c.msi
+ 2010-05-27 11:37 . 2010-05-27 11:37 356352 c:\windows\Installer\39e28cb.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 316928 c:\windows\Installer\39e28c2.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 315392 c:\windows\Installer\39e28b9.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 356864 c:\windows\Installer\39e28b0.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 359424 c:\windows\Installer\39e28a7.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 316416 c:\windows\Installer\39e289e.msi
+ 2010-05-27 11:33 . 2010-05-27 11:33 356352 c:\windows\Installer\39e2895.msi
+ 2010-02-20 10:21 . 2009-10-29 07:42 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-02-20 10:21 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-02-20 10:21 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-02-20 10:21 . 2009-10-29 07:42 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-02-20 10:21 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-03-11 12:28 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-03-11 12:28 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-03-11 12:28 . 2009-06-22 06:47 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-01-06 13:05 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2010-01-06 13:06 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2010-01-06 13:06 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2010-01-06 13:05 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2010-01-06 13:05 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2010-01-06 13:05 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2010-01-06 13:05 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2010-01-06 13:05 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2010-01-06 13:05 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2010-01-06 13:05 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-01-06 13:05 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-01-06 13:05 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-12-13 11:48 . 2009-12-13 11:48 200704 c:\windows\ERUNT\SDFIXT\Users\00000002\UsrClass.dat
+ 2009-12-13 11:48 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIXT\ERDNT.EXE
+ 2009-08-29 16:16 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys

+ 2009-06-26 17:07 . 2009-06-26 17:07 3780416 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90u.dll
+ 2009-06-26 17:07 . 2009-06-26 17:07 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90.dll
+ 2004-08-10 12:00 . 2009-12-21 19:07 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-10 12:00 . 2009-07-20 14:07 2253440 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2009-07-20 14:07 1613860 c:\windows\system32\perfc009.dat
+ 2004-08-10 12:00 . 2009-12-21 19:07 5942784 c:\windows\system32\mshtml.dll
+ 2007-08-13 16:34 . 2009-12-21 19:06 1985536 c:\windows\system32\iertutil.dll
+ 2008-09-12 20:57 . 2010-05-27 16:42 3501496 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-13 16:54 . 2009-12-21 19:07 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:11 . 2009-11-27 17:13 1297920 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 09:48 . 2009-12-09 10:09 2191232 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:48 . 2009-08-04 21:58 2191232 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:48 . 2009-08-04 17:27 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:48 . 2009-12-09 10:08 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:48 . 2009-12-09 10:09 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 09:48 . 2009-08-04 17:28 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 09:48 . 2009-08-04 17:27 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 09:48 . 2009-12-09 10:08 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-13 16:54 . 2009-12-21 19:07 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-12 21:28 . 2009-12-21 19:06 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-27 11:38 . 2010-05-27 11:38 2096128 c:\windows\Installer\39e28e3.msi
+ 2010-05-27 09:31 . 2010-05-27 09:31 1736704 c:\windows\Installer\32de7ff.msi
+ 2010-02-20 10:21 . 2009-10-29 07:42 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-02-20 10:21 . 2009-10-29 07:42 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-01-06 13:05 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2010-01-06 13:05 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2010-01-06 13:05 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll

- 2008-10-15 09:48 . 2009-08-04 21:58 2191232 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 09:48 . 2009-12-09 10:09 2191232 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 09:48 . 2009-12-09 10:08 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 09:48 . 2009-08-04 17:27 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 09:48 . 2009-12-09 10:09 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 09:48 . 2009-08-04 17:28 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 09:48 . 2009-08-04 17:27 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 09:48 . 2009-12-09 10:08 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-09-15 12:06 . 2009-09-15 12:06 1001032 c:\windows\Downloaded Program Files\UploaderX.dll
+ 2010-01-01 12:32 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2007-08-13 16:54 . 2009-12-21 19:06 11070464 c:\windows\system32\ieframe.dll
+ 2008-09-12 21:28 . 2009-12-21 19:06 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-07-04 15:35 . 2010-07-04 15:35 20242432 c:\windows\Installer\747a113.msp
+ 2010-01-23 19:33 . 2010-01-23 19:33 15710720 c:\windows\Installer\723e719.msp
+ 2010-02-20 10:21 . 2009-10-29 07:42 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2010-01-06 13:05 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2009-12-13 11:48 . 2009-12-13 11:48 13762560 c:\windows\ERUNT\SDFIXT\Users\00000001\NTUSER.DAT
.
-- Snapshot updated --

.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/01/2010 21:58 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/01/2010 21:58 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 14:00 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/06/2010 09:36 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/06/2010 09:37 308064]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 13:12 133104]
S2 nscpjapu;Synaptics TouchPad Controller;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 14:00 14336]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

--- Other Services/Drivers In Memory ---

*Deregistered* - aculp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nscpjapu
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-INSPIRON-Gabrielle.job
- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-27 01:44]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.fr/s/v/61.11/uploader2.cab
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}\defaults\preferences\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sta - rwxap.dll
HKLM-Run-MChk - c:\windows\system32\ewxap.exe
MSConfigStartUp-SEO Soft - c:\documents and settings\Gabrielle\Bureau\Nouveau dossier\stat\stat.exe
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 16:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8967AB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9e4e852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d5abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d49a0d
SendHandler -> NDIS.sys @ 0xb9d5db40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aculp]

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\hccutils.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Heure de fin: 2010-07-20 16:17:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-20 14:17
ComboFix2.txt 2010-01-03 11:59
ComboFix3.txt 2009-12-25 20:01
ComboFix4.txt 2009-12-13 10:39

Avant-CF: 5 827 973 120 octets libres
Après-CF: 4 376 346 624 octets libres

- - End Of File - - C338369B3B720FD5EE0BCE4199BB3094


gaby.zeze
 Posted on 23/07/2010 at 17:23 
Petite astucienne

ComboFix5.txt 2010-07-22 08:09 FIRST PART

ComboFix 09-08-10.06 - Gabrielle 13/12/2009 11:34.18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.683 [GMT 1:00]
Running from: d:\_programmes\avast\ComboFix.exe
AV: avast! antivirus 4.7.1368 [VPS 091212-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 10:16 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-13 10:16 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-12 11:23 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-12 11:23 . 2009-12-12 11:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-25 11:13 . 2009-11-25 11:13 -------- d-----w- c:\program files\Poedit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 10:12 . 2004-08-10 12:00 2322448 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-13 10:12 . 2004-08-10 12:00 1124760 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-11 09:54 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2009-12-09 12:24 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2009-12-09 12:24 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-02 17:26 . 2009-11-06 15:57 79488 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 23:54 . 2009-09-18 07:38 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-18 07:38 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-18 07:38 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:49 . 2009-09-18 07:38 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-18 07:38 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-18 07:38 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-18 07:38 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 22:50 . 2009-07-09 09:52 -------- d-----w- c:\program files\Microsoft
2009-11-04 12:30 . 2009-09-04 11:47 431 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2009-10-28 19:04 . 2009-10-28 11:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Fichiers communs\Vbox
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Macromedia
2009-10-28 12:32 . 2008-09-12 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 11:35 . 2009-10-28 11:35 -------- d-----w- c:\program files\Eltima Software
2009-10-28 10:31 . 2009-10-28 10:31 -------- d-----w- c:\program files\MapExpert
2009-10-28 10:03 . 2009-10-28 09:53 -------- d-----w- c:\program files\IGN
2009-10-17 19:01 . 2008-09-13 14:06 32608 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 07:31 . 2009-08-16 20:32 81984 ----a-w- c:\windows\system32\bdod.bin
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Google Update"="c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-30 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 12:12 133104]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2009-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\igfxsrvc.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Completion time: 2009-12-13 11:39
ComboFix-quarantined-files.txt 2009-12-13 10:39

Pre-Run: 4 950 196 224 octets libres
Post-Run: 6 314 790 912 octets libres

207 --- E O F --- 2009-08-31 08:48
ComboFix 09-12-25.02 - Gabrielle 25/12/2009 20:53:02.19.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.658 [GMT 1:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091225-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-25 au 2009-12-25 ))))))))))))))))))))))))))))))))))))
.

2009-12-25 19:46 . 2009-12-25 19:46 401408 ----a-w- c:\windows\system32\CF31800.exe
2009-12-25 16:04 . 2009-12-25 18:57 -------- d-----w- c:\windows\BDOSCAN8
2009-12-25 15:41 . 2009-12-25 15:41 4844295 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-13 15:12 . 2009-11-22 14:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-13 15:12 . 2009-11-22 14:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-13 15:11 . 2009-12-13 15:12 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-13 15:11 . 2009-11-22 14:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-13 15:11 . 2009-12-13 15:11 -------- d-----w- c:\program files\Zone Labs
2009-12-13 14:45 . 2009-12-25 19:48 -------- d-----w- c:\windows\Internet Logs
2009-12-13 13:49 . 2009-12-13 14:39 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\CheckPoint
2009-12-13 13:49 . 2009-12-13 15:12 -------- d-----w- c:\program files\CheckPoint
2009-12-13 13:49 . 2009-12-13 15:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-13 11:51 . 2009-12-13 11:51 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-13 11:41 . 2009-12-13 12:28 -------- d-----w- C:\SDFix
2009-12-13 10:44 . 2009-12-25 18:44 -------- d-----w- c:\program files\Navilog1
2009-12-13 10:16 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-13 10:16 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-12 11:23 . 2009-12-13 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-12 11:23 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 19:52 . 2009-11-06 15:57 79488 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-25 19:46 . 2009-12-15 17:49 2108284 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-25 19:00 . 2004-08-10 12:00 2394260 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-25 19:00 . 2004-08-10 12:00 1159964 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-25 15:49 . 2009-12-25 15:49 19297657 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_12_25_16_43_15_full.dmp.zip
2009-12-25 15:43 . 2009-05-03 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 13:07 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2009-12-09 12:24 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2009-12-09 12:24 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-03 15:14 . 2009-05-03 13:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-05-03 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 11:13 . 2009-11-25 11:13 -------- d-----w- c:\program files\Poedit
2009-11-24 23:54 . 2009-09-18 07:38 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-18 07:38 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-18 07:38 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:49 . 2009-09-18 07:38 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-18 07:38 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-18 07:38 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-18 07:38 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 22:50 . 2009-07-09 09:52 -------- d-----w- c:\program files\Microsoft
2009-11-04 12:30 . 2009-09-04 11:47 431 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2009-10-28 19:04 . 2009-10-28 11:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Fichiers communs\Vbox
2009-10-28 12:32 . 2009-10-28 12:32 -------- d-----w- c:\program files\Macromedia
2009-10-28 12:32 . 2008-09-12 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 11:35 . 2009-10-28 11:35 -------- d-----w- c:\program files\Eltima Software
2009-10-28 10:31 . 2009-10-28 10:31 -------- d-----w- c:\program files\MapExpert
2009-10-28 10:03 . 2009-10-28 09:53 -------- d-----w- c:\program files\IGN
2009-10-17 19:01 . 2008-09-13 14:06 32608 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

gaby.zeze
 Posted on 23/07/2010 at 17:28 
Petite astucienne

ComboFix5.txt 2010-07-22 08:09 SECOND PART

((((((((((((((((((((((((((((( SnapShot@2009-12-13_10.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 18:59 . 2009-12-25 18:59 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
+ 2009-12-25 18:59 . 2009-12-25 18:59 16384 c:\windows\temp\Perflib_Perfdata_380.dat
+ 2009-12-13 15:12 . 2009-11-22 14:42 99208 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 65928 c:\windows\system32\ZoneLabs\zatray.exe
+ 2009-12-13 15:11 . 2009-11-22 14:43 20872 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 43912 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 85384 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 37256 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 18824 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 11144 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 14216 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12168 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 29064 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 12680 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 41864 c:\windows\system32\vswmi.dll

+ 2009-12-13 15:12 . 2009-11-22 14:42 58248 c:\windows\system32\vsregexp.dll
- 2009-08-17 07:17 . 2009-08-17 07:20 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-17 07:17 . 2009-12-13 11:18 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-15 22:39 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-15 22:39 . 2008-04-13 17:34 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-15 22:39 . 2008-04-13 17:33 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:34 26624 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-15 22:39 . 2008-04-13 17:34 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-15 22:39 . 2008-04-13 17:34 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-15 22:39 . 2008-04-13 17:33 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-15 22:39 . 2008-04-13 17:34 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-15 22:39 . 2008-04-13 17:33 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-15 22:39 . 2008-04-13 17:05 25216 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-15 22:39 . 2008-04-13 09:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-15 22:39 . 2008-04-13 17:34 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-15 22:39 . 2008-04-13 09:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-15 22:39 . 2004-08-10 12:00 12032 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2006-05-25 00:21 . 2006-05-25 00:21 53248 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2006-05-25 00:22 . 2006-05-25 00:22 53248 c:\windows\bdoscandel.exe
+ 2009-12-25 16:12 . 2009-12-25 16:12 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-12-25 16:12 . 2009-12-25 16:12 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-12-25 16:12 . 2009-12-25 16:12 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-12-25 16:12 . 2009-12-25 16:12 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-08-15 22:39 . 2004-08-10 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-12-13 10:38 . 2004-08-05 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-12-13 15:12 . 2009-11-22 14:42 141192 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-12-13 15:10 . 2009-11-22 14:42 210824 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-12-13 15:12 . 2007-10-11 15:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 434568 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 135048 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-12-13 15:12 . 2009-07-13 22:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 119688 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 267656 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:43 175496 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 368008 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 139144 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 376712 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-12-13 15:10 . 2009-10-09 19:33 579048 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-12-13 15:12 . 2008-03-17 15:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll

+ 2009-12-13 15:11 . 2009-11-22 14:42 109960 c:\windows\system32\vsxml.dll
+ 2009-12-13 15:10 . 2009-11-22 14:42 621960 c:\windows\system32\vsutil.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 299912 c:\windows\system32\vspubapi.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 107912 c:\windows\system32\vsmonapi.dll
+ 2009-12-13 15:10 . 2009-11-22 14:42 227720 c:\windows\system32\vsinit.dll
+ 2009-12-13 15:11 . 2009-11-22 14:42 486280 c:\windows\system32\vsdatant.sys
+ 2009-12-13 15:10 . 2009-11-22 14:42 112008 c:\windows\system32\vsdata.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-08-15 22:39 . 2008-04-13 17:34 512000 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-08-15 22:39 . 2009-06-29 15:57 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 579584 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 297984 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-08-15 22:39 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-08-15 22:39 . 2008-04-13 17:33 171520 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-08-15 22:39 . 2009-02-09 11:23 111104 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-15 22:39 . 2008-04-13 17:33 187392 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-08-15 22:39 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 438272 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-12-13 10:38 . 2008-04-13 10:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-08-15 22:39 . 2008-04-13 17:33 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-08-15 22:39 . 2008-04-13 10:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-08-15 22:39 . 2008-04-13 17:33 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 851968 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 176640 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-08-15 22:39 . 2008-04-13 07:39 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2009-12-13 11:48 . 2009-12-13 11:48 200704 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2009-08-16 10:34 . 2009-08-16 10:34 200704 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-12-13 11:48 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
- 2009-08-16 10:34 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2006-05-25 00:21 . 2006-05-25 00:21 118784 c:\windows\Downloaded Program Files\bdupd.dll
+ 2006-05-25 00:21 . 2009-01-05 13:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2006-05-25 00:21 . 2006-05-25 00:21 118784 c:\windows\BDOSCAN8\bdupd.dll
+ 2009-12-13 15:12 . 2009-11-22 14:42 1789320 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-12-13 15:11 . 2009-11-22 14:44 2384240 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-12-13 15:11 . 2009-11-22 14:43 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2004-08-10 12:00 . 2009-12-25 19:00 1607768 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2009-12-25 19:00 1065570 c:\windows\system32\perfc009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:33 1571840 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-15 22:39 . 2009-02-09 11:23 2147328 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-15 22:39 . 2009-02-09 11:23 2025984 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-15 22:39 . 2009-07-19 13:29 3597824 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-15 22:39 . 2009-03-21 14:07 1054720 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-08-15 22:39 . 2008-04-13 17:34 1037824 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-12-13 11:48 . 2009-12-13 11:48 13762560 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.

-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/12/2009 11:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 11:16 20560]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 14:30 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 14:30 476528]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 12:12 133104]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
.

------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 20:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0



gaby.zeze
Posted on 23/07/2010 at 17:30
Petite astucienne

ComboFix5.txt 2010-07-22 08:09 LAST PART

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3408)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Heure de fin: 2009-12-25 21:01:13
ComboFix-quarantined-files.txt 2009-12-25 20:01
ComboFix2.txt 2009-12-13 10:39

Avant-CF: 5 935 030 272 octets libres
Après-CF: 5 914 054 656 octets libres

- - End Of File - - BEB098D383C8DFDA4C6ECA4C3CDBD37B
ComboFix 10-01-02.04 - Gabrielle 03/01/2010 12:47:14.20.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.738 [GMT 1:00]
Lancé depuis: d:\_programmes\avast\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 ))))))))))))))))))))))))))))))))))))
.

2010-01-03 11:10 . 2010-01-03 11:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-03 10:53 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-01-03 10:53 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-01-03 10:53 . 2010-01-03 10:53 -------- d-----w- c:\program files\Sunbelt Software
2010-01-03 10:52 . 2010-01-03 10:52 -------- d-----w- c:\windows\Internet Logs
2010-01-02 23:34 . 2010-01-02 23:34 -------- d-sh--w- c:\documents and settings\Gabrielle\IETldCache
2010-01-02 23:27 . 2010-01-02 23:31 -------- dc-h--w- c:\windows\ie8
2010-01-02 04:09 . 2010-01-02 04:09 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\AVG9
2010-01-01 20:07 . 2010-01-01 19:58 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-01 20:07 . 2010-01-01 19:58 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-01 20:07 . 2010-01-01 19:58 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-01 20:07 . 2010-01-01 19:58 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-01 20:07 . 2010-01-01 19:58 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-01 20:07 . 2010-01-01 19:58 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-01 19:58 . 2010-01-02 04:16 -------- d-----w- C:\$AVG
2010-01-01 19:58 . 2010-01-01 19:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-01 19:58 . 2010-01-01 19:58 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-01 19:58 . 2010-01-01 19:58 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-01 19:58 . 2010-01-01 19:58 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-01 19:58 . 2010-01-02 11:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-01 19:58 . 2010-01-01 19:58 -------- d-----w- c:\program files\AVG
2010-01-01 19:58 . 2010-01-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-01 12:20 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-01 12:15 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-25 20:24 . 2009-12-25 20:59 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\QuickScan
2009-12-25 19:46 . 2009-12-25 19:46 401408 ----a-w- c:\windows\system32\CF31800.exe
2009-12-25 16:04 . 2009-12-25 20:21 -------- d-----w- c:\windows\BDOSCAN8
2009-12-25 15:41 . 2009-12-25 15:41 4844295 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-13 13:49 . 2009-12-13 14:39 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\CheckPoint
2009-12-13 13:49 . 2009-12-13 15:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-13 11:51 . 2009-12-13 11:51 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-13 11:41 . 2009-12-25 21:04 -------- d-----w- C:\SDFix
2009-12-13 10:44 . 2010-01-03 11:25 -------- d-----w- c:\program files\Navilog1
2009-12-12 11:23 . 2009-12-13 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-12 11:23 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 11:17 . 2004-08-10 12:00 2502674 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-03 11:17 . 2004-08-10 12:00 1212428 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-01 12:47 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-30 22:34 . 2009-08-26 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 22:34 . 2008-12-03 20:21 -------- d-----w- c:\program files\Norton Security Scan
2009-12-30 16:10 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2009-12-25 19:52 . 2009-11-06 15:57 79488 ----a-w- c:\documents and settings\Gabrielle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-25 15:43 . 2009-05-03 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 12:24 . 2008-09-12 21:48 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2
2009-12-09 12:24 . 2008-09-12 21:49 1 ----a-w- c:\documents and settings\Gabrielle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-03 15:14 . 2009-05-03 13:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-05-03 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 11:13 . 2009-11-25 11:13 -------- d-----w- c:\program files\Poedit
2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 22:50 . 2009-07-09 09:52 -------- d-----w- c:\program files\Microsoft
2009-11-04 12:30 . 2009-09-04 11:47 431 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2009-10-17 19:01 . 2008-09-13 14:06 32608 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:33 . 2004-08-10 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-10 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-10 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-03-05 16:08 . 2009-08-16 20:25 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-01 19:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 08:21 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-30 21:55 133104 ----atw- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/01/2010 20:58 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/01/2010 20:58 360584]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [03/01/2010 11:53 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [01/01/2010 20:58 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [01/01/2010 20:58 285392]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [03/01/2010 11:53 65576]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 12:12 133104]
.
Contenu du dossier 'Tâches planifiées'

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 12:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-01-03 12:59:29
ComboFix-quarantined-files.txt 2010-01-03 11:59
ComboFix2.txt 2009-12-25 20:01
ComboFix3.txt 2009-12-13 10:39

Avant-CF: 5 698 789 376 octets libres
Après-CF: 5 663 838 208 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 0289B39AA79D476D779B594E55E27E72

chrifleur
Posted on 23/07/2010 at 19:25
Groupe Sécurité

I'm looking through all of this and I'll get back to you...

gaby.zeze
Posted on 23/07/2010 at 20:54
Petite astucienne

OK, thanks a lot.

Gaby

chrifleur
Posted on 23/07/2010 at 21:21
Groupe Sécurité

Follow this tutorial and post its report

https://forum.pcastuces.com/zhpdiag___zhpfix-f31s55.htm

gaby.zeze
Posted on 23/07/2010 at 21:46
Petite astucienne

Below is the ZHPDIAG report - First part

Rapport de ZHPDiag v1.26.31 par Nicolas Coolman, Update du 23/07/2010
Run by Gabrielle at 23/07/2010 21:30:18
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.5.3)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 14 Stepping 8, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1270 MB (33% free)
System drive C: has 3 GB (15%) free of 21 GB

---\\ Logged in mode
Computer Name: INSPIRON
User Name: Gabrielle
All Users Names: SUPPORT_388945a0, HelpAssistant, Gabrielle, ASPNET, Administrateur, 2,
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 21 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 249 Go of 277 Go)
E:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK


---\\ Processus lancés
[MD5.031DD8DBD4B958B5765C8C111CB1EA03] - (.AVG Technologies CZ, s.r.o. - AVG Cache Server.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe [1101152]
[MD5.5654DB4719A3C52684A20C1CA443BF8F] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG9\avgrsx.exe [515424]
[MD5.78EF60FECB03144780151FD934BBAB94] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe [723296]
[MD5.9C69E6A25F5500501B14AF43311F8D8B] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [64512]
[MD5.012844A8E13BE3941C9CAF1F91F47DF2] - (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504]
[MD5.554BF964313238DB774F1E3406766C63] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [138008]
[MD5.2C0F5B7992CF976C2EFE75E394F2487F] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [162584]
[MD5.3B00D3D63E89B7383475CE5D1FC750FB] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [138008]
[MD5.ABB85828C394CEACACBC90373C59C529] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947]
[MD5.E9B04FD2921ACE22CA17FA7D5131F491] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\PROGRA~1\AVG\AVG9\avgtray.exe [2065760]
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280]
[MD5.1BF756F3FE89A1CF7A9207CD7E9ACB2B] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [252696]
[MD5.C4D15594DB5BE042D3346EA58DF87D89] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424]
[MD5.7C8E0F172E0BE4F9A25E766F84D22E64] - (.AVG Technologies CZ, s.r.o. - AVG Network scanner Service.) -- C:\Program Files\AVG\AVG9\avgnsx.exe [620896]
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104]
[MD5.7CE50C9E49ECEED8B6418446358126D9] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336]
[MD5.AA054CD537357F03D5BA6ABA7562B35F] - (.AVG Technologies CZ, s.r.o. - AVG E-Mail Scanner.) -- C:\Program Files\AVG\AVG9\avgemc.exe [921952]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592]
[MD5.4F201BA5F08B6726A32886655DA53FB1] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [908280]
[MD5.8B069EAE08AE6599A747445FBC83E0D3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [481280]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
P2 - FPN: [HKLM] [@videolan.org/vlc;version=0.8.6h] - (.VideoLAN Team - Version 0.8.6h, copyright 1996-2007 The VideoLAN Team<br><a href="http.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18876 (longhorn_ie8_gdr.091218-1700)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.AVG Technologies CZ, s.r.o. - Safe Search for Internet Explorer.) -- C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Applications démarrées par registre & par dossier(O4)
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] . (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323
O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKCU\..\policies\Explorer: [NoDrives] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Service client pour le fournisseur NetWare et DLL d'authentification.) -- C:\WINDOWS\system32\nwprovau.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/61.11/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262347440647
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262347418694


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} . (.AVG Technologies CZ, s.r.o. - Safe Search pluggable protocol.) -- C:\Program Files\AVG\AVG9\avgpp.dll


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avgrsstarter . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Starter.) -- C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\System32\igfxdev.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AVG Free E-mail Scanner (avg9emc) . (.AVG Technologies CZ, s.r.o. - AVG E-Mail Scanner.) - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-INSPIRON-Gabrielle.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Media Center - {407408d4-94ed-4d86-ab69-a7f649d112ee} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\inf\mcdftreg.inf
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: AVG Free AVI Loader Driver x86 (AvgLdx86) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\WINDOWS\system32\Drivers\avgldx86.sys
O41 - Driver: AVG Free On-access Scanner Minifilter Driver x86 (AvgMfx86) . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - C:\WINDOWS\system32\Drivers\avgmfx86.sys
O41 - Driver: AVG Free Network Redirector (AvgTdiX) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\WINDOWS\system32\Drivers\avgtdix.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 4.57 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: AVG Free 9.0 - (.AVG Technologies.) [HKLM]
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM]
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Photoshop CS5 - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Reader 9.1 - Français - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Akamai NetSession Interface - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Broadcom 440x 10/100 Integrated Controller - (.Broadcom Corporation.) [HKLM]
O42 - Logiciel: Ciel Auto-entrepreneur Facile 1.40 - (.Ciel.) [HKLM]
O42 - Logiciel: Conexant HDA D110 MDC V.92 Modem - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: EasyPHP 2.0b1 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: FileZilla Client 3.1.2 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Flash Decompiler Trillix - (.Eltima Software.) [HKLM]
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM]
O42 - Logiciel: High Definition Audio Driver Package - KB835221 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: IKEA Home Planner - (.IKEA IT.) [HKLM]
O42 - Logiciel: Image Resizer Powertoy for Windows XP - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: J2SE Runtime Environment 5.0 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 4 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: K-Lite Codec Pack 3.9.5 (Standard) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Logiciel Intel(R) PROSet/Wireless - (.Intel Corporation.) [HKLM]
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 6.0 Parser (KB927977) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Macromedia Flash MX - (.Macromedia.) [HKLM]
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM]
O42 - Logiciel: MapExpert Professionnel v 2.6.0 - (.Solutions CODEXPERT enr..) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB953295) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office XP Professional avec FrontPage - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Virtual PC 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft_VC80_ATL_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC80_CRT_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC80_MFC_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC90_ATL_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC90_CRT_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Microsoft_VC90_MFC_x86 - (.Adobe.) [HKLM]
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Mozilla Firefox (3.5.3) - (.Mozilla.) [HKLM]
O42 - Logiciel: Mozilla Thunderbird (3.0.4) - (.Mozilla.) [HKLM]
O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM]
O42 - Logiciel: OpenOffice.org 2.4 - (.OpenOffice.org.) [HKLM]
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM]
O42 - Logiciel: Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) - (.Ricoh Company.) [HKLM]
O42 - Logiciel: Paint Shop Pro 7 - (.Jasc Software Inc.) [HKLM]
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM]
O42 - Logiciel: Poedit - (.Vaclav Slavik.) [HKLM]
O42 - Logiciel: PowerKit 1.0 - (.Astase.) [HKLM]
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM]
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM]
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM]
O42 - Logiciel: SigmaTel Audio - (.SigmaTel.) [HKLM]
O42 - Logiciel: Skype web features - (.Skype Technologies S.A..) [HKLM]
O42 - Logiciel: Skype™ 4.1 - (.Skype Technologies S.A..) [HKLM]
O42 - Logiciel: Sophos Anti-Rootkit 1.5.4 - (.Sophos Plc.) [HKLM]
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM]
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM]
O42 - Logiciel: TextPad 4.7 - (.Nom de votre société.) [HKLM]
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: VideoLAN VLC media player 0.8.6h - (.VideoLAN Team.) [HKLM]
O42 - Logiciel: WampServer 2.0 - (.Romain Bourdon (Roms).) [HKLM]
O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Sync - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM]
O42 - Logiciel: Windows XP Media Center Edition 2005 KB919803 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows XP Media Center Edition 2005 KB973768 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Yooda Submit - (.ALDEIS S.A.R.L..) [HKLM]
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM]
O42 - Logiciel: mDriver - (.Intel.) [HKLM]
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM]

---\\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe Lightroom]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\ISWVolatile]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Astase]
[HKCU\Software\Avg]
[HKCU\Software\BitDefender]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ESET]
[HKCU\Software\Earth Resource Mapping]
[HKCU\Software\Eltima Software]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Genesis Digital Innovations]
[HKCU\Software\Google]
[HKCU\Software\Graphisoft]
[HKCU\Software\HaaliMkx]
[HKCU\Software\Haali]
[HKCU\Software\Helios]
[HKCU\Software\IGN]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Jasc]
[HKCU\Software\JavaSoft]
[HKCU\Software\LowRegistry]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PDFCreator]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Silverlab]
[HKCU\Software\Sky-Banners]
[HKCU\Software\Skype]
[HKCU\Software\Sunbelt Software]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\TG0PTF86JH]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VRZJ8K91NT]
[HKCU\Software\Vaclav Slavik]
[HKCU\Software\WIBU-SYSTEMS]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\XNS_stan5_vc]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ionCube]
[HKLM\Software\ALWIL Software]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Audible]
[HKLM\Software\Avg]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CXT]
[HKLM\Software\CheckPoint]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Conexant]
[HKLM\Software\Cyberlink]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\DivXNetworks]
[HKLM\Software\Earth Resource Mapping]
[HKLM\Software\Eltima Software]
[HKLM\Software\Eltima]
[HKLM\Software\Eset]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Licenses]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Normandy]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\Preview Systems]
[HKLM\Software\Program Groups]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sage]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SigmaTel]
[HKLM\Software\Sky-Banners]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sunbelt Software]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Thomson]
[HKLM\Software\TrendMicro]
[HKLM\Software\Trolltech]
[HKLM\Software\VideoLAN]
[HKLM\Software\WIBU-SYSTEMS]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Yooda]
[HKLM\Software\Zone Labs]
[HKLM\Software\mozilla.org]
[HKLM\Software\swearware]

chrifleur
 Posted on 23/07/2010 at 21:52
Groupe Sécurité

The rest, please; there is still quite a lot of junk left and we'll remove it all in one go....

gaby.zeze
 Posted on 23/07/2010 at 22:00
Petite astucienne

Test

I can't insert the rest into the forum. Trying again.

chrifleur
 Posted on 23/07/2010 at 22:02
Groupe Sécurité

Post it here in that case

http://cjoint.com/

Edited by chrifleur on 23/07/2010 22:03
gaby.zeze
 Posted on 23/07/2010 at 22:19
Petite astucienne

Impossible, not even with http://dl.free.fr/

It's driving me mad :( + I get the impression my email accounts have been hacked :(

Copy-paste doesn't work either, Firefox error message "La connexion a été réinitialisée" (the connection was reset)

Can you see the report at this link?: https://www.yousendit.com/download/T1VtWmdwbWdEbUpjR0E9PQ

gaby.zeze
 Posted on 23/07/2010 at 22:20
Petite astucienne

chrifleur
 Posted on 23/07/2010 at 22:54
Groupe Sécurité

There's quite a crowd in there indeed!!!

1/

  • Download Kaspersky's TDSSKiller to the Desktop,
  • Unzip the archive onto the Desktop (Right-click > Extract here),
  • A TDSSKiller folder should be created on the Desktop. It must contain the file TDSSKiller.exe. If it isn't, create the folder and put the file in it.
  • Click Start > Run, then type exactly this: "%userprofile%\bureau\tdsskiller\TDSSKiller.exe" -l report.txt -v
  • Confirm with the Enter key.
  • A black window will close by itself once the tool has finished its scan. Normally there is no reboot.
  • The report.txt generated by the tool is saved in the TDSSKiller folder.
  • Open this report, then press CTRL+A then CTRL+C
  • Paste the contents of this report into the forum with CTRL+V.

2/

Disable your antivirus.

Download Ad-remover:

http://pagesperso-orange.fr/NosTools/ad_remover.html

VISTA: install and launch via right-click and "Run as administrator"

• Install Ad-remover,
• Launch Ad-remover from the icon on the desktop,
• In the main menu choose option "A" for a Scan,
post the report obtained (C:\Ad-report.log).


AD-REMOVER: Step 2
• Relaunch "Ad-remover",
• Choose option "B".
• Select >> Suppression [ ]
• Enter "S" (Delete the checked items)
► Display the generated report (C:\Ad-report-date.log)

/!\ If the Desktop does not reappear, press <Ctrl> <Alt> <Del>,
/!\ "File" tab --> "New task",
/!\ Enter explorer.exe and confirm
Re-enable your antivirus.

3/

Follow this tutorial and copy-paste these lines as shown

https://forum.pcastuces.com/zhpdiag___zhpfix-f31s55.htm?page=1&#3706094

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
[HKCU\Software\Sky-Banners]
[HKCU\Software\VRZJ8K91NT]
[HKCU\Software\TG0PTF86JH]
[HKCU\Software\VRZJ8K91NT]
[HKCU\Software\XNS_stan5_vc]
[HKLM\Software\Sky-Banners]
O44 - LFC:[MD5.C186F2674AB19202285FC2B84D221927] - 20/07/2010 - 13:46:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\zrpt.xml [150]
O64 - Services: CurCS - (.not file.) - 02e4dec5 (02e4dec5) .(.Pas de propriétaire - Pas de description.) - LEGACY_02E4DEC5
O64 - Services: CurCS - (.not file.) - 0814c44a (0814c44a) .(.Pas de propriétaire - Pas de description.) - LEGACY_0814C44A
O64 - Services: CurCS - (.not file.) - 0b5caffb (0b5caffb) .(.Pas de propriétaire - Pas de description.) - LEGACY_0B5CAFFB
O64 - Services: CurCS - (.not file.) - 2d3bbc86 (2d3bbc86) .(.Pas de propriétaire - Pas de description.) - LEGACY_2D3BBC86
O64 - Services: CurCS - (.not file.) - 3096059c (3096059c) .(.Pas de propriétaire - Pas de description.) - LEGACY_3096059C
O64 - Services: CurCS - (.not file.) - 4214451d (4214451d) .(.Pas de propriétaire - Pas de description.) - LEGACY_4214451D
O64 - Services: CurCS - (.not file.) - 4a0b9c4e (4a0b9c4e) .(.Pas de propriétaire - Pas de description.) - LEGACY_4A0B9C4E
O64 - Services: CurCS - (.not file.) - 584151be (584151be) .(.Pas de propriétaire - Pas de description.) - LEGACY_584151BE
O64 - Services: CurCS - (.not file.) - 65ef7d2d (65ef7d2d) .(.Pas de propriétaire - Pas de description.) - LEGACY_65EF7D2D
O64 - Services: CurCS - (.not file.) - 68b61d30 (68b61d30) .(.Pas de propriétaire - Pas de description.) - LEGACY_68B61D30
O64 - Services: CurCS - (.not file.) - 9e69df97 (9e69df97) .(.Pas de propriétaire - Pas de description.) - LEGACY_9E69DF97
O64 - Services: CurCS - (.not file.) - a9e4cc3f (a9e4cc3f) .(.Pas de propriétaire - Pas de description.) - LEGACY_A9E4CC3F
O64 - Services: CurCS - (.not file.) - bbde43d9 (bbde43d9) .(.Pas de propriétaire - Pas de description.) - LEGACY_BBDE43D9
O64 - Services: CurCS -(.not file.) - c345c40b (c345c40b) .(.Pas de propriétaire - Pas de description.) - LEGACY_C345C40B
O64 - Services: CurCS - (.not file.) - cbc2c333 (cbc2c333) .(.Pas de propriétaire - Pas de description.) - LEGACY_CBC2C333
O64 - Services: CurCS - (.not file.) - cbdibapbuthwevx (cbdibapbuthwevx) .(.Pas de propriétaire - Pas de description.) - LEGACY_CBDIBAPBUTHWEVX
O64 - Services: CurCS - (.not file.) - e14f76db (e14f76db) .(.Pas de propriétaire - Pas de description.) - LEGACY_E14F76DB
O64 - Services: CurCS - (.not file.) - e6e8c6d0 (e6e8c6d0) .(.Pas de propriétaire - Pas de description.) - LEGACY_E6E8C6D0
O64 - Services: CurCS - (.not file.) - f3354aad (f3354aad) .(.Pas de propriétaire - Pas de description.) - LEGACY_F3354AAD
O64 - Services: CurCS - (.not file.) - klmd23 (klmd23) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMD23
O64 - Services: CurCS - (.not file.) - pxrcrpoc (pxrcrpoc) .(.Pas de propriétaire - Pas de description.) - LEGACY_PXRCRPOC
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

4/

Start / Run

copy-paste

ComboFix /uninstall

5/

Follow this tutorial and delete everything it finds, then post its report

https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

6/

Follow this other tutorial and post its report

https://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm

See you tomorrow for the rest
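
As an added example (not part of this thread, nor of ZHPDiag or ZHPFix themselves), here is a small Python triage script that applies the three checks behind the ZHPFix lines above to ZHPDiag-style report lines: a ProxyServer value pointing at the loopback address (which is what quietly reroutes the browser here), Software keys whose names look machine-generated such as TG0PTF86JH, and O64 LEGACY_ service entries with no backing file. The sample report inside the block is constructed from lines of this thread, and the name-shape heuristic is an assumption of this example, not a rule ZHPDiag applies.

```python
import re

# Constructed sample: a handful of lines modelled on the report posted in this thread.
SAMPLE_REPORT = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = <local>
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:5643
[HKCU\\Software\\7-Zip]
[HKCU\\Software\\Adobe]
[HKCU\\Software\\TG0PTF86JH]
[HKCU\\Software\\VRZJ8K91NT]
[HKLM\\Software\\C07ft5Y]
O23 - Service: AVG Free WatchDog (avg9wd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe
O64 - Services: CurCS - (.not file.) - 02e4dec5 (02e4dec5) .(.Pas de propriétaire - Pas de description.) - LEGACY_02E4DEC5
O64 - Services: CurCS -(.not file.) - klmd23 (klmd23) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMD23
"""

# Line shapes as they appear in the ZHPDiag report: R1 proxy setting,
# bare Software key, O64 legacy service entry (with or without the space
# before "(.not file.)", both spellings occur in the thread).
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.+)$")
SOFTWARE_KEY_RE = re.compile(r"^\[(?P<hive>HKCU|HKLM)\\Software\\(?P<name>[^\\\]]+)\]$")
LEGACY_RE = re.compile(r"^O64 - Services: CurCS -\s*\(\.not file\.\) - (?P<svc>\S+) \(")

LOOPBACK_HOSTS = {"localhost", "::1"}


def proxy_hosts(value):
    """Hosts named in a ProxyServer value: either 'host:port' or a
    ';'-separated list of 'scheme=host:port' entries."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                      # drop the 'http=' / 'https=' prefix
            entry = entry.split("=", 1)[1]
        hosts.append(entry.rsplit(":", 1)[0].strip("[]"))
    return hosts


def is_loopback(host):
    """A proxy on the machine itself is the setup that redirects the browser here."""
    return host in LOOPBACK_HOSTS or host.startswith("127.")


def looks_machine_generated(name):
    """Assumed heuristic for key names like TG0PTF86JH: upper-case letters and
    digits only, at least 8 characters, with at least two of each. It does not
    catch everything the helper flagged (Sky-Banners, XNS_stan5_vc), so the
    output is a shortlist for a human reviewer, not a verdict."""
    if len(name) < 8 or not re.fullmatch(r"[A-Z0-9]+", name):
        return False
    digits = sum(c.isdigit() for c in name)
    return digits >= 2 and len(name) - digits >= 2


def triage(report_text):
    """Return (kind, detail, line) findings for each suspicious report line."""
    findings = []
    for line in report_text.splitlines():
        line = line.rstrip()
        m = PROXY_RE.search(line)
        if m:
            for host in proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append(("local-proxy", host, line))
            continue
        m = SOFTWARE_KEY_RE.match(line)
        if m:
            if looks_machine_generated(m.group("name")):
                findings.append(("random-key", m.group("name"), line))
            continue
        m = LEGACY_RE.match(line)
        if m:
            # The registry still lists the service but its file is gone:
            # a leftover of something removed, or an entry whose file is hidden.
            findings.append(("orphan-legacy-service", m.group("svc"), line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage(SAMPLE_REPORT):
        print(f"{kind:22} {detail:12} {line}")
```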

gaby.zeze
 Posted on 23/07/2010 at 23:11
Petite astucienne

Kaspersky's TDSSKiller

I get an error "Valid command line parameter".

Without the -v option, TDSSKiller launches; then I clicked scan, then report. Here is the report:

2010/07/23 23:08:34.0046 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/23 23:08:34.0046 ================================================================================
2010/07/23 23:08:34.0046 SystemInfo:
2010/07/23 23:08:34.0046
2010/07/23 23:08:34.0046 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/23 23:08:34.0046 Product type: Workstation
2010/07/23 23:08:34.0046 ComputerName: INSPIRON
2010/07/23 23:08:34.0046 UserName: Gabrielle
2010/07/23 23:08:34.0046 Windows directory: C:\WINDOWS
2010/07/23 23:08:34.0046 System windows directory: C:\WINDOWS
2010/07/23 23:08:34.0046 Processor architecture: Intel x86
2010/07/23 23:08:34.0046 Number of processors: 2
2010/07/23 23:08:34.0046 Page size: 0x1000
2010/07/23 23:08:34.0046 Boot type: Normal boot
2010/07/23 23:08:34.0046 ================================================================================
2010/07/23 23:08:34.0265 Initialize success
2010/07/23 23:08:48.0906 ================================================================================
2010/07/23 23:08:48.0906 Scan started
2010/07/23 23:08:48.0906 Mode: Manual;
2010/07/23 23:08:48.0906 ================================================================================
2010/07/23 23:08:54.0203 ================================================================================
2010/07/23 23:08:54.0203 Scan finished
2010/07/23 23:08:54.0203 ================================================================================

gaby.zeze
 Posted on 23/07/2010 at 23:18
Petite astucienne

2\ Ad-Remover, here is the report:

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 21/07/10 à 14:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 23:14:57 le 23/07/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Gabrielle@INSPIRON ( )

============== RECHERCHE ==============



1,Clé trouvée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
0,Clé trouvée: HKLM\Software\Classes\ToolBand.EasyHideBtn
0,Clé trouvée: HKLM\Software\Classes\ToolBand.EasyHideBtn.1
0,Clé trouvée: HKLM\Software\Classes\ToolBand.SkypeIEHelper
0,Clé trouvée: HKLM\Software\Classes\ToolBand.SkypeIEHelper.1
0,Clé trouvée: HKLM\Software\Sky-Banners
0,Clé trouvée: HKCU\Software\Sky-Banners
0,Clé trouvée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
0,Clé trouvée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
0,Clé trouvée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.3 (fr)] **

-- C:\Documents and Settings\Gabrielle\Application Data\Mozilla\FireFox\Profiles\wurinhwc.default\Prefs.js --
browser.download.lastDir, D:\\_Mes Sites\\_Autres\\graphpaperpress\\gridline\\download
browser.startup.homepage, hxxp://google.com
browser.startup.homepage_override.mstone, rv:1.9.1.3

-- C:\Documents and Settings\2\Application Data\Mozilla\FireFox\Profiles\e75nla63.default\Prefs.js --
browser.startup.homepage, google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.8

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://google.com/
Use Custom Search URL: 0

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/
Use Custom Search URL: 0

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 23/07/2010 (451 Octet(s))

Fin à: 23:17:24, 23/07/2010

============== E.O.F ==============

gaby.zeze
 Posted on 23/07/2010 at 23:26
Petite astucienne

2\ Ad-Remover, after the removal, here is the report:

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 21/07/10 à 14:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 23:20:02 le 23/07/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Gabrielle@INSPIRON ( )

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
0,Clé supprimée: HKLM\Software\Classes\ToolBand.EasyHideBtn
0,Clé supprimée: HKLM\Software\Classes\ToolBand.EasyHideBtn.1
0,Clé supprimée: HKLM\Software\Classes\ToolBand.SkypeIEHelper
0,Clé supprimée: HKLM\Software\Classes\ToolBand.SkypeIEHelper.1
0,Clé supprimée: HKLM\Software\Sky-Banners
0,Clé supprimée: HKCU\Software\Sky-Banners
0,Clé supprimée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
0,Clé supprimée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
0,Clé supprimée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.3 (fr)] **

-- C:\Documents and Settings\Gabrielle\Application Data\Mozilla\FireFox\Profiles\wurinhwc.default\Prefs.js --
browser.download.lastDir, D:\\_Mes Sites\\_Autres\\graphpaperpress\\gridline\\download
browser.startup.homepage, hxxp://google.com
browser.startup.homepage_override.mstone, rv:1.9.1.3

-- C:\Documents and Settings\2\Application Data\Mozilla\FireFox\Profiles\e75nla63.default\Prefs.js --
browser.startup.homepage, google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.8

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 23/07/2010 (496 Octet(s))
C:\Ad-Report-SCAN[1].txt - 23/07/2010 (3067 Octet(s))

Fin à: 23:22:19, 23/07/2010

============== E.O.F ==============

gaby.zeze
 Posted on 23/07/2010 at 23:50
Petite astucienne

3/ ZHPFix, here is the report

Rapport de ZHPFix v1.12.3126 par Nicolas Coolman, Update du 23/07/2010
Fichier d'export Registre : C:\ZHPExportRegistry-23-07-2010-23-49-01.txt
Run by Gabrielle at 23/07/2010 23:49:08
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé du Registre ==========
HKCU\Software\Sky-Banners => Clé absente
HKCU\Software\VRZJ8K91NT => Clé absente
HKCU\Software\TG0PTF86JH => Clé absente
HKCU\Software\XNS_stan5_vc => Clé absente
HKLM\Software\Sky-Banners => Clé absente
O64 - Services: CurCS - (.not file.) - 02e4dec5 (02e4dec5) .(.Pas de propriétaire - Pas de description.) - LEGACY_02E4DEC5 => Clé absente
O64 - Services: CurCS - (.not file.) - 0814c44a (0814c44a) .(.Pas de propriétaire - Pas de description.) - LEGACY_0814C44A => Clé absente
O64 - Services: CurCS - (.not file.) - 0b5caffb (0b5caffb) .(.Pas de propriétaire - Pas de description.) - LEGACY_0B5CAFFB => Clé absente
O64 - Services: CurCS - (.not file.) - 2d3bbc86 (2d3bbc86) .(.Pas de propriétaire - Pas de description.) - LEGACY_2D3BBC86 => Clé absente
O64 - Services: CurCS - (.not file.) - 3096059c (3096059c) .(.Pas de propriétaire - Pas de description.) - LEGACY_3096059C => Clé absente
O64 - Services: CurCS - (.not file.) - 4214451d (4214451d) .(.Pas de propriétaire - Pas de description.) - LEGACY_4214451D => Clé absente
O64 - Services: CurCS - (.not file.) - 4a0b9c4e (4a0b9c4e) .(.Pas de propriétaire - Pas de description.) - LEGACY_4A0B9C4E => Clé absente
O64 - Services: CurCS - (.not file.) - 584151be (584151be) .(.Pas de propriétaire - Pas de description.) - LEGACY_584151BE => Clé absente
O64 - Services: CurCS - (.not file.) - 65ef7d2d (65ef7d2d) .(.Pas de propriétaire - Pas de description.) - LEGACY_65EF7D2D => Clé absente
O64 - Services: CurCS - (.not file.) - 68b61d30 (68b61d30) .(.Pas de propriétaire - Pas de description.) - LEGACY_68B61D30 => Clé absente
O64 - Services: CurCS - (.not file.) - 9e69df97 (9e69df97) .(.Pas de propriétaire - Pas de description.) - LEGACY_9E69DF97 => Clé absente
O64 - Services: CurCS - (.not file.) - a9e4cc3f (a9e4cc3f) .(.Pas de propriétaire - Pas de description.) - LEGACY_A9E4CC3F => Clé absente
O64 - Services: CurCS - (.not file.) - bbde43d9 (bbde43d9) .(.Pas de propriétaire - Pas de description.) - LEGACY_BBDE43D9 => Clé absente
O64 - Services: CurCS -(.not file.) - c345c40b (c345c40b) .(.Pas de propriétaire - Pas de description.) - LEGACY_C345C40B => Clé absente
O64 - Services: CurCS - (.not file.) - cbc2c333 (cbc2c333) .(.Pas de propriétaire - Pas de description.) - LEGACY_CBC2C333 => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - cbdibapbuthwevx (cbdibapbuthwevx) .(.Pas de propriétaire - Pas de description.) - LEGACY_CBDIBAPBUTHWEVX => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - e14f76db (e14f76db) .(.Pas de propriétaire - Pas de description.) - LEGACY_E14F76DB => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - e6e8c6d0 (e6e8c6d0) .(.Pas de propriétaire - Pas de description.) - LEGACY_E6E8C6D0 => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - f3354aad (f3354aad) .(.Pas de propriétaire - Pas de description.) - LEGACY_F3354AAD => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - klmd23 (klmd23) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMD23 => Clé supprimée avec succès
O64 - Services: CurCS - (.not file.) - pxrcrpoc (pxrcrpoc) .(.Pas de propriétaire - Pas de description.) - LEGACY_PXRCRPOC => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur supprimée avec succès
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente

========== Fichier(s) ==========
c:\zrpt.xml => Fichier absent


========== Récapitulatif ==========
26 : Clé du Registre
2 : Valeur(s) du Registre
1 : Fichier(s)


End of the scan

chrifleur
 Posted on 24/07/2010 at 09:27
Groupe Sécurité

a new ZHPDiag report

how is the PC behaving?

gaby.zeze
 Posted on 24/07/2010 at 10:06
Petite astucienne

Hello,

Thank you again for being there.

Unfortunately, the PC is no better: the pop-up windows still keep opening,

Still the unpleasant feeling of being "wiretapped"! '(

I am scanning and will post the ZHPDiag and ESET Online reports next.

Below is the Malwarebytes report.

4\ Uninstall ComboFix > OK

5\ Malwarebytes' report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/07/2010 01:56:58
mbam-log-2010-07-24 (01-56-58).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 376436
Temps écoulé: 1 heure(s), 56 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Bureau\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.

chrifleur
 Posted on 24/07/2010 at 10:10
Groupe Sécurité

I am waiting for the Eset report

and then tell me all the malfunctions you are seeing
