Sujet Précédent Sujet Suivant

Virus : Worm.Python.Lesta.A. HHELP

Fermé
Navid_92 Messages postés 711 Date d'inscription dimanche 7 décembre 2008 Statut Membre Dernière intervention 12 février 2015 - 23 mars 2009 à 14:03
Navid_92 Messages postés 711 Date d'inscription dimanche 7 décembre 2008 Statut Membre Dernière intervention 12 février 2015 - 23 mars 2009 à 20:42
Bonjour,
Je suis infecté par Worm.Python.Lesta.A.

VOila un rapport jack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:12, on 23/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Dofus\Dofus.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Dofus\Dofus.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/Navid/Bureau/De_train/Streamy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

5 réponses

Réponse 1 / 5
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
23 mars 2009 à 14:30
slt
quels fichiers sont infectés?


_________________



scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 2 / 5
Navid_92 Messages postés 711 Date d'inscription dimanche 7 décembre 2008 Statut Membre Dernière intervention 12 février 2015 87
23 mars 2009 à 19:31
Rapport Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1872
Windows 5.1.2600 Service Pack 3

22/03/2009 18:13:40
mbam-log-2009-03-23 (18-13-40).txt

Type de recherche: Examen rapide
Eléments examinés: 79305
Temps écoulé: 3 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\_IsUser.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Je suis en train de faire les autres.
0
Réponse 3 / 5
Navid_92 Messages postés 711 Date d'inscription dimanche 7 décembre 2008 Statut Membre Dernière intervention 12 février 2015 87
23 mars 2009 à 19:33
Logfile of random's system information tool 1.06 (written by random/random)
Run by Navid at 2009-03-23 19:31:23
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (7%) free of 116 GB
Total RAM: 3070 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:34, on 23/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Navid\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Navid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/Navid/Bureau/De_train/Streamy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 4 / 5
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
23 mars 2009 à 20:24
telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !



Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :




File::
C:\PROGRA~1\PALTAL~1\palstart.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalStart.lnk]






Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_______________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
Navid_92 Messages postés 711 Date d'inscription dimanche 7 décembre 2008 Statut Membre Dernière intervention 12 février 2015 87
23 mars 2009 à 20:42
ComboFix 09-03-22.01 - Navid 2009-03-23 20:28:54.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2333 [GMT 1:00]
Lancé depuis: c:\documents and settings\Navid\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Navid\Bureau\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\progra~1\PALTAL~1\palstart.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\PALTAL~1\palstart.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-23 19:45 . 2009-03-23 20:00 <REP> d-------- c:\program files\RegCleaner
2009-03-23 00:50 . 2009-03-23 00:50 <REP> d--hs---- c:\documents and settings\Navid\IECompatCache
2009-03-23 00:49 . 2009-03-23 00:49 <REP> d--hs---- c:\documents and settings\Navid\PrivacIE
2009-03-23 00:47 . 2009-03-23 00:47 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-23 00:47 . 2009-03-23 00:47 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-23 00:46 . 2009-03-23 12:01 <REP> d-------- c:\windows\system32\drivers\Avg
2009-03-23 00:46 . 2009-03-23 00:46 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-23 00:46 . 2009-03-23 00:46 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-23 00:42 . 2009-03-23 20:31 393,248 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-23 00:42 . 2009-03-23 02:05 2,804 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-23 00:32 . 2009-03-23 00:32 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-03-23 00:32 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-03-23 00:32 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-03-23 00:32 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-03-23 00:32 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-03-23 00:31 . 2009-03-23 00:32 <REP> d-------- c:\windows\system32\ZoneLabs
2009-03-23 00:31 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-03-23 00:31 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-03-23 00:31 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-23 00:30 . 2009-03-23 11:59 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-03-23 00:20 . 2009-03-23 00:22 47,713,680 --a------ c:\program files\zaSetup_fr.exe
2009-03-22 23:20 . 2009-03-23 00:18 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-22 23:16 . 2009-03-23 00:19 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-03-22 23:13 . 2009-03-22 23:13 <REP> d-------- c:\program files\Sunbelt Software
2009-03-22 22:53 . 2009-03-22 22:53 <REP> d--hs---- c:\documents and settings\Navid\IETldCache
2009-03-22 22:47 . 2009-03-22 22:47 <REP> d-------- c:\program files\Zone Labs
2009-03-22 22:47 . 2009-03-23 00:47 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-22 22:46 . 2009-03-23 19:48 <REP> d-------- c:\windows\Internet Logs
2009-03-22 20:46 . 2009-03-22 20:46 <REP> d-------- c:\windows\ie8updates
2009-03-22 20:44 . 2009-03-22 20:45 <REP> d--h-c--- c:\windows\ie8
2009-03-22 20:41 . 2009-02-28 05:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-20 16:48 . 2009-03-20 16:48 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-19 21:19 . 2009-03-19 21:27 <REP> d-------- c:\windows\BDOSCAN8
2009-03-18 20:20 . 2009-03-18 20:20 <REP> d-------- c:\program files\AutoIt3
2009-03-18 18:49 . 2009-03-18 18:49 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-03-18 18:49 . 2009-03-18 18:49 <REP> d-------- c:\program files\Adobe Media Player
2009-03-18 13:19 . 2009-03-18 13:50 <REP> d-------- c:\program files\DofusBeta
2009-03-14 22:45 . 2009-03-14 22:47 <REP> d-------- c:\program files\GCFScape
2009-03-14 21:52 . 2009-03-14 22:08 <REP> d-------- c:\program files\S2SaTstrat
2009-03-13 12:28 . 2009-03-20 00:10 <REP> d-------- c:\program files\TweakDUN
2009-03-13 00:08 . 2009-03-13 00:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-12 21:58 . 2009-03-12 22:25 <REP> d-------- c:\program files\Tweak-XP Pro 4
2009-03-12 21:58 . 2009-03-12 21:58 737,280 --a------ c:\windows\iun6002.exe
2009-03-09 23:54 . 2009-03-11 14:23 50 --a------ c:\windows\MegaManager.INI
2009-03-09 23:40 . 2009-03-09 23:40 <REP> d-------- c:\documents and settings\Navid\Application Data\Megaupload
2009-03-09 21:16 . 2009-03-09 21:16 415 --a------ c:\windows\XMailer.INI
2009-03-09 20:48 . 2009-03-09 20:48 <REP> d-------- c:\program files\fec
2009-03-09 20:22 . 2009-03-12 18:03 <REP> d-------- c:\program files\Opera
2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll
2009-03-07 12:56 . 2009-03-07 12:56 <REP> d-------- c:\windows\Logs
2009-03-07 12:56 . 2009-03-07 12:56 <REP> d-------- c:\program files\SiSoftware
2009-03-06 21:58 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2009-03-06 21:58 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll
2009-03-06 21:58 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll
2009-03-06 21:49 . 2009-03-06 21:49 <REP> d-------- c:\documents and settings\Navid\Application Data\InstallShield Installation Information
2009-03-06 21:38 . 2009-03-06 21:38 <REP> d-------- c:\program files\KOEI
2009-03-04 18:20 . 2009-03-04 18:20 <REP> d-------- c:\program files\Realtek
2009-03-04 18:20 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-03-03 20:30 . 2009-03-03 20:30 <REP> d-------- c:\documents and settings\Navid\Application Data\GlarySoft
2009-03-03 20:21 . 2009-03-03 20:21 <REP> d-------- c:\program files\Glary Utilities
2009-03-03 20:08 . 2009-03-03 20:16 <REP> d-------- c:\program files\FCleaner
2009-03-03 20:08 . 2009-03-03 20:08 <REP> d-------- c:\documents and settings\Navid\Application Data\FTWeak
2009-03-03 20:08 . 2009-03-03 20:08 <REP> d-------- c:\documents and settings\All Users\Application Data\FTWeak
2009-03-03 20:06 . 2009-03-03 20:06 <REP> d-------- c:\program files\Windows Sidebar
2009-03-03 19:51 . 2009-03-03 20:08 <REP> d-------- c:\program files\Nero
2009-03-02 21:07 . 2009-03-02 21:07 <REP> d-------- c:\program files\K!TV
2009-03-02 20:41 . 2009-03-03 20:44 <REP> d-------- c:\program files\X-Setup Pro
2009-03-02 20:41 . 2009-03-02 20:41 <REP> d-------- c:\documents and settings\Navid\Application Data\X-Setup Pro
2009-03-02 20:41 . 2009-03-02 20:41 <REP> d-------- c:\documents and settings\All Users\Application Data\X-Setup Pro
2009-02-28 13:41 . 2009-02-28 13:41 <REP> d-------- c:\program files\ConvertHelper
2009-02-25 12:25 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 21:44 . 2009-02-24 21:44 <REP> d-------- c:\documents and settings\Navid\Application Data\KompoZer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 19:29 --------- d-----w c:\program files\Paltalk Messenger
2009-03-23 19:17 --------- d-----w c:\program files\Trend Micro
2009-03-23 13:47 --------- d-----w c:\documents and settings\Navid\Application Data\Skype
2009-03-23 11:00 --------- d-----w c:\documents and settings\Navid\Application Data\skypePM
2009-03-23 10:59 --------- d-----w c:\program files\Dofus
2009-03-22 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 21:27 --------- d-----w c:\documents and settings\Navid\Application Data\HPAppData
2009-03-22 02:16 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-22 02:14 --------- d-----w c:\program files\IsoBuster
2009-03-21 16:47 --------- d-----w c:\documents and settings\Navid\Application Data\teamspeak2
2009-03-21 16:33 --------- d-----w c:\program files\Steam
2009-03-21 16:32 --------- d-----w c:\documents and settings\Navid\Application Data\mIRC
2009-03-21 16:29 --------- d-----w c:\program files\mIRC
2009-03-20 18:04 --------- d-----w c:\documents and settings\Navid\Application Data\HLSW
2009-03-20 15:49 --------- d-----w c:\program files\Lavasoft
2009-03-20 15:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-18 19:50 --------- d-----w c:\program files\Freeplayer
2009-03-18 19:50 --------- d-----w c:\program files\FlashGet
2009-03-18 19:50 --------- d-----w c:\program files\DivX
2009-03-18 19:50 --------- d-----w c:\program files\AyudaCoachingTool4CounterStrike
2009-03-18 19:50 --------- d-----w c:\program files\AoA Audio Extractor
2009-03-14 18:08 --------- d-----w c:\documents and settings\Navid\Application Data\FileZilla
2009-03-14 17:02 --------- d-----w c:\documents and settings\Navid\Application Data\uTorrent
2009-03-12 22:54 --------- d-----w c:\program files\eChanblard
2009-03-12 18:42 --------- d-----w c:\program files\THQ
2009-03-12 18:42 --------- d-----w c:\program files\Temp
2009-03-12 18:42 --------- d-----w c:\program files\OFFICE11
2009-03-12 18:42 --------- d-----w c:\program files\Microsoft FrontPage Express
2009-03-12 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-03-12 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-12 12:46 --------- d-----w c:\documents and settings\Navid\Application Data\dvdcss
2009-03-11 18:12 --------- d-----w c:\program files\Teamspeak2_RC2
2009-03-11 13:40 --------- d-----w c:\program files\No-IP
2009-03-11 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 13:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 03:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 03:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-04 17:30 --------- d-----w c:\program files\World of Warcraft
2009-03-04 17:30 --------- d-----w c:\program files\MSN Messenger
2009-03-03 19:18 --------- d-----w c:\program files\CursorXP
2009-03-03 19:18 --------- d-----w c:\program files\BitComet
2009-03-03 19:09 --------- d-----w c:\program files\Fichiers communs\Nero
2009-03-03 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-28 15:38 --------- d-----w c:\documents and settings\Navid\Application Data\Mumble
2009-02-28 12:37 --------- d-----w c:\program files\Fichiers communs\Apple
2009-02-27 13:24 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:18 --------- d-----w c:\program files\uTorrent
2009-02-20 00:12 --------- d-----w c:\program files\Xara
2009-02-19 23:42 --------- d-----w c:\program files\Common Files
2009-02-18 23:41 --------- d-----w c:\program files\Vstplugins
2009-02-18 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-02-17 21:53 --------- d-----w c:\documents and settings\Navid\Application Data\Nvu
2009-02-17 20:30 --------- d-----w c:\program files\Virtual Audio Cable
2009-02-17 15:14 --------- d-----w c:\documents and settings\Navid\Application Data\VoipBuster
2009-02-17 15:06 --------- d-----w c:\program files\VoipBuster.com
2009-02-16 11:26 --------- d-----w c:\program files\Lavalys
2009-02-16 00:43 --------- d-----w c:\program files\TeamViewer
2009-02-16 00:43 --------- d-----w c:\documents and settings\Navid\Application Data\TeamViewer
2009-02-15 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-14 23:13 --------- d-----w c:\program files\Bonjour
2009-02-14 23:07 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2009-02-14 23:07 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-14 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-14 14:57 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2009-02-13 21:00 --------- d-----w c:\program files\WinAVI Video Converter
2009-02-13 17:37 --------- d-----w c:\program files\Mumble
2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-01-02 16:08 1,132,843 --sh--w c:\windows\Config\gimcac.bak1
2007-02-02 11:11 447,240 --sh--w c:\windows\Config\gimcac.bak2
2007-02-02 22:39 469,564 --sh--w c:\windows\Config\gimcac.ini2
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-09-03 14:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Navid\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-17 385024]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-23 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 00:47 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk]
backup=c:\windows\pss\InstantTimeZone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 10:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-01 16:33 1406192 c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2008-10-02 23:51 3309224 c:\fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-25 12:56 133104 c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-11-21 03:12 3297280 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 18:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-03-13 20:33 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 13:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
--a------ 2007-03-23 16:13 1006080 c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Steam\\SteamApps\\erfan_91\\counter-strike\\hl.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Steam\\steamapps\\erfan_91\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\HLDS\\hlds.exe"=
"c:\\Program Files\\Steam\\steamapps\\erfan_91\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Steam\\steamapps\\erfan_91\\counter-strike\\cstrike_french\\hltv.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11875:TCP"= 11875:TCP:BitComet 11875 TCP
"11875:UDP"= 11875:UDP:BitComet 11875 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8080:TCP"= 8080:TCP:freebox
"3724:TCP"= 3724:TCP:Blizzard downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"1234:UDP"= 1234:UDP:freeplayer1
"8080:UDP"= 8080:UDP:freeplayer2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-23 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-23 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-01-23 10384]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2009-01-15 31744]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-02-17 29184]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2006-06-28 892032]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]
S3 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-10 14336]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-925.sys [2007-03-22 7552]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2009-01-13 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2009-01-13 37440]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-03-07 98488]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2006-10-07 408064]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2004-06-30 19200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 17:10]

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798726482-2359549395-1807667182-1005.job
- c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 12:56]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{525D9778-906F-4F2D-8076-BF579ABA639F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ustart.org
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\OFFICE11\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
Trusted Zone: localhost
TCP: {326DCACC-44CD-4EC8-B37C-9E1690ED69BB} = 212.27.40.240,212.27.40.241
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Navid\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Navid\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.cache.disk_cache_ssl - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: signed.applets.codebase_principal_support - true .

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 20:31:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1798726482-2359549395-1807667182-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1798726482-2359549395-1807667182-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0BA4FA4-ECE9-C0BB-C143-8F093903C067}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nahmacmfpjjdnkofbpbejigleccp"=hex:6a,61,69,62,6b,70,70,65,66,67,70,67,68,68,
61,61,64,69,6f,68,00,00
"mafmnkhfhhkbpnepjhdkcpgopj"=hex:6a,61,69,62,6b,70,70,65,66,67,70,67,68,68,61,
61,64,69,6f,68,00,f9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Heure de fin: 2009-03-23 20:34:22
ComboFix-quarantined-files.txt 2009-03-23 19:34:19

Avant-CF: 9 121 394 688 octets libres
Après-CF: 9,083,981,824 octets libres

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
475 --- E O F --- 2009-03-14 18:03:36
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
Virus Altruistic
Mael03250 -
MisteryBean -

11 réponses
Supprimer notifications myavids.com sous Android.
Guy72 -
Liline -

7 réponses