Search engine virus
anonymous
Hello, since yesterday, when I do a search on Google and click on the links, I can't get to the site I clicked on.
Most of the time it sends me to these sites instead:
https://encyclopedia.thefreedictionary.com
https://www.networksolutions.com/errors/404
http://findreallife.info/index.php
(there are others)
I think I've caught a virus.
Can you help me please!!
24 replies
Here it is, this should be the right one:
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\PFLib.dll
.
---- Exécution préalable -------
.
c:\windows\system32\Core.dll
c:\windows\system32\drivers\kungsfyqknkuha.sys
c:\windows\system32\kungsfhsnbhodc.dat
c:\windows\system32\kungsfhswlamtd.dll
c:\windows\system32\kungsfoyrlmiuy.dat
c:\windows\system32\kungsfrinydljo.dll
c:\windows\system32\window.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kungsftqqlavxw
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-05 au 2009-06-05 ))))))))))))))))))))))))))))))))))))
.
2009-06-03 11:18 . 2009-06-03 11:18 -------- d-----w- c:\program files\ESET
2009-06-01 14:02 . 2009-06-01 14:02 299352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-01 14:02 . 2009-06-01 14:02 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-01 14:02 . 2009-06-01 14:02 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 14:02 . 2009-06-01 14:02 165728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-01 14:01 . 2009-06-01 14:01 343888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-01 14:01 . 2009-06-01 14:01 289632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-01 14:01 . 2009-06-01 14:01 82784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-01 13:53 . 2009-06-01 13:53 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-01 13:51 . 2009-06-01 13:51 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-01 13:50 . 2009-06-01 13:50 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-01 13:50 . 2009-06-01 13:50 632680 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-01 13:48 . 2009-06-01 13:48 539512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-01 13:47 . 2009-06-01 13:47 552808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-01 13:45 . 2009-06-01 13:45 2324808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-01 13:44 . 2009-06-01 13:45 626000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-01 13:43 . 2009-06-01 13:43 516440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-01 13:42 . 2009-06-01 13:42 953168 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-05-29 14:51 . 2009-06-01 10:47 -------- d-----w- c:\program files\Navilog1
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- C:\GenProc
2009-05-27 13:38 . 2009-05-27 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-27 13:38 . 2009-05-27 13:38 -------- d-----w- C:\ProgramData
2009-05-27 13:35 . 2008-09-05 01:22 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-05-27 13:35 . 2009-05-27 13:35 10134 ----a-r- c:\documents and settings\Famechon\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-27 13:35 . 2009-05-27 13:35 -------- d-----w- c:\program files\Microsoft WSE
2009-05-27 13:33 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-05-27 13:32 . 2009-05-27 13:32 -------- d-----w- c:\windows\Logs
2009-05-23 11:47 . 2009-05-24 00:21 -------- d-----w- c:\documents and settings\Famechon\Application Data\teamspeak2
2009-05-23 11:44 . 2009-05-23 11:47 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-05-22 12:50 . 2009-05-27 13:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-22 10:22 . 2009-05-22 10:48 -------- d-----w- c:\documents and settings\Famechon\Application Data\IcoFX
2009-05-22 10:21 . 2009-05-22 10:21 -------- d-----w- c:\program files\IcoFX 1.6
2009-05-21 18:38 . 2009-05-21 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-21 18:02 . 2009-05-21 18:02 -------- d-----w- c:\program files\Adobe Media Player
2009-05-21 17:57 . 2009-05-21 17:57 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-05-21 17:48 . 2009-05-21 17:48 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2009-05-20 05:28 . 2009-05-20 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-20 05:28 . 2009-05-20 05:28 -------- d-----w- c:\program files\Fichiers communs\Adobe Systems Shared
2009-05-13 08:18 . 2009-05-13 08:18 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-10 12:54 . 2009-05-17 20:36 -------- d-----w- c:\program files\RocketDock
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:50 . 2007-11-03 19:30 169936 ----a-w- c:\documents and settings\Famechon\Application Data\Mozilla\Firefox\Profiles\3fdq7c1l.default\FlashGot.exe
2009-06-05 15:48 . 2006-11-09 17:30 -------- d-----w- c:\documents and settings\Famechon\Application Data\OpenOffice.org2
2009-06-05 15:41 . 2007-09-28 20:10 -------- d-----w- c:\program files\BitComet
2009-05-31 18:41 . 2006-11-09 16:38 78256 ----a-w- c:\documents and settings\Famechon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 17:51 . 2009-03-28 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-29 16:01 . 2009-05-01 13:00 -------- d-----w- c:\program files\a-squared Free
2009-05-28 16:20 . 2006-12-14 16:24 -------- d-----w- c:\program files\Google
2009-05-27 13:10 . 2009-01-27 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 13:00 . 2009-01-31 14:11 -------- d-----w- c:\program files\Postal2STP
2009-05-27 12:13 . 2009-04-27 16:19 -------- d-----w- c:\documents and settings\Famechon\Application Data\Azureus
2009-05-23 13:16 . 2009-01-25 22:25 -------- d-----w- c:\documents and settings\Famechon\Application Data\Xfire
2009-05-23 09:20 . 2009-04-11 13:37 -------- d-----w- c:\documents and settings\Famechon\Application Data\AVGTOOLBAR
2009-05-21 18:04 . 2006-11-09 17:30 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-05-17 00:17 . 2009-05-04 16:06 -------- d-----w- c:\program files\adslTV
2009-05-12 20:54 . 2008-03-28 23:06 1 ----a-w- c:\documents and settings\Famechon\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-05 07:12 . 2009-05-04 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ExtraFilm
2009-05-04 16:08 . 2009-05-04 16:08 -------- d-----w- c:\documents and settings\Famechon\Application Data\ExtraFilm
2009-05-01 13:37 . 2009-05-01 13:38 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-01 13:37 . 2009-05-01 13:37 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-01 13:37 . 2009-05-01 13:37 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-05-01 13:14 . 2009-05-01 13:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-01 13:12 . 2009-05-01 13:12 -------- d-----w- c:\program files\Lavasoft
2009-04-30 17:18 . 2009-04-10 22:01 -------- d-----w- c:\program files\Stardock
2009-04-30 11:15 . 2009-03-28 13:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 11:15 . 2009-03-28 13:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-04-30 11:15 . 2009-03-28 13:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-04-30 11:15 . 2009-03-28 13:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 11:14 . 2009-03-28 13:14 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-04-27 16:20 . 2009-04-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-04-27 16:19 . 2009-04-27 16:19 -------- d-----w- c:\program files\Vuze
2009-04-26 12:35 . 2006-11-12 11:16 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-24 20:12 . 2008-12-23 14:30 -------- d-----w- c:\program files\GOA
2009-04-24 20:04 . 2006-11-09 16:53 -------- d-----w- c:\program files\Ahead
2009-04-24 20:02 . 2009-02-25 15:28 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-04-24 09:53 . 2009-04-24 09:53 4968 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-24 09:53 . 2006-03-02 13:00 86366 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-24 09:53 . 2006-03-02 13:00 513458 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-19 18:38 . 2009-04-19 18:38 -------- d-----w- c:\program files\BestGameEver
2009-04-19 10:07 . 2009-04-10 22:01 -------- d-----w- c:\program files\Fichiers communs\Stardock
2009-04-16 21:13 . 2009-04-16 21:12 -------- d-----w- c:\documents and settings\Famechon\Application Data\MessengerDiscovery 2
2009-04-16 20:52 . 2009-04-16 20:52 -------- d-----w- c:\program files\Microsoft
2009-04-16 20:51 . 2007-06-10 14:25 -------- d-----w- c:\program files\Windows Live
2009-04-11 21:30 . 2009-04-11 21:30 -------- d-----w- c:\program files\WinHTTrack
2009-04-10 21:40 . 2008-01-20 21:59 -------- d-----w- c:\program files\FLV Player
2009-04-10 20:36 . 2009-04-10 20:30 -------- d-----w- c:\program files\Yahoo!
2009-04-01 11:04 . 2009-04-01 11:04 152576 ----a-w- c:\documents and settings\Famechon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-09 03:19 . 2008-12-18 18:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-09-27 13:13 . 2008-08-06 21:21 1694208 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2007-09-10 6338360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe" [2005-08-30 303104]
"WireLessKeyboard"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe" [2005-08-30 319488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-06 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-30 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Famechon\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 11:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"NVSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\eMule\\emule.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\Xfire\\Xfire.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\Postal2STP2\\System\\Postal2MP.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13094:TCP"= 13094:TCP:BitComet 13094 TCP
"13094:UDP"= 13094:UDP:BitComet 13094 UDP
"6112:TCP"= 6112:TCP:Blizzard dowloader
"6881:TCP"= 6881:TCP:Blizzard download
"6882:TCP"= 6882:TCP:Blizzard download
"6883:TCP"= 6883:TCP:Blizzard download
"6999:TCP"= 6999:TCP:Blizzard download
"3724:UDP"= 3724:UDP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6696:TCP"= 6696:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28/03/2009 15:14 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2009 15:38 64160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [09/11/2006 18:59 61184]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2009 15:13 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2009 15:13 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/04/2009 15:58 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 953168]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/04/2006 08:22 70912]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [09/11/2006 18:40 31104]
S2 gupdate1c9870a2e1a3724;Google Update Service (gupdate1c9870a2e1a3724);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 22:50 133104]
S3 PentaxUsb;PENTAX Optio 50L on USB;c:\windows\system32\drivers\CoachUsb.sys [24/11/2004 14:34 50976]
S3 PentaxVc;PENTAX Optio 50L Video Capture;c:\windows\system32\drivers\CoachVc.sys [24/11/2004 14:36 44256]
.
Contenu du dossier 'Tâches planifiées'
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:36]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:50]
2009-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1770027372-839522115-1004.job
- c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 10:53]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{da82d608-0a5b-439e-bb80-a68f73ab115c} - (no file)
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Famechon\Application Data\Mozilla\Firefox\Profiles\3fdq7c1l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 18:50
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-06-05 18:56
ComboFix-quarantined-files.txt 2009-06-05 16:54
Avant-CF: 7 966 744 576 octets libres
Après-CF: 7 948 267 520 octets libres
Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
315 --- E O F --- 2009-05-14 01:05
2009-04-10 20:36 . 2009-04-10 20:30 -------- d-----w- c:\program files\Yahoo!
2009-04-01 11:04 . 2009-04-01 11:04 152576 ----a-w- c:\documents and settings\Famechon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-09 03:19 . 2008-12-18 18:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-09-27 13:13 . 2008-08-06 21:21 1694208 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2007-09-10 6338360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe" [2005-08-30 303104]
"WireLessKeyboard"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe" [2005-08-30 319488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-06 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-30 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Famechon\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 11:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"NVSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\eMule\\emule.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\Xfire\\Xfire.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\Postal2STP2\\System\\Postal2MP.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\sauvegarde\\Famechon\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13094:TCP"= 13094:TCP:BitComet 13094 TCP
"13094:UDP"= 13094:UDP:BitComet 13094 UDP
"6112:TCP"= 6112:TCP:Blizzard dowloader
"6881:TCP"= 6881:TCP:Blizzard download
"6882:TCP"= 6882:TCP:Blizzard download
"6883:TCP"= 6883:TCP:Blizzard download
"6999:TCP"= 6999:TCP:Blizzard download
"3724:UDP"= 3724:UDP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6696:TCP"= 6696:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28/03/2009 15:14 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2009 15:38 64160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [09/11/2006 18:59 61184]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2009 15:13 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2009 15:13 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/04/2009 15:58 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 953168]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/04/2006 08:22 70912]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [09/11/2006 18:40 31104]
S2 gupdate1c9870a2e1a3724;Google Update Service (gupdate1c9870a2e1a3724);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 22:50 133104]
S3 PentaxUsb;PENTAX Optio 50L on USB;c:\windows\system32\drivers\CoachUsb.sys [24/11/2004 14:34 50976]
S3 PentaxVc;PENTAX Optio 50L Video Capture;c:\windows\system32\drivers\CoachVc.sys [24/11/2004 14:36 44256]
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:36]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:50]
2009-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1770027372-839522115-1004.job
- c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 10:53]
.
- - - - ORPHANS REMOVED - - - -
BHO-{da82d608-0a5b-439e-bb80-a68f73ab115c} - (no file)
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Famechon\Application Data\Mozilla\Firefox\Profiles\3fdq7c1l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 18:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-05 18:56
ComboFix-quarantined-files.txt 2009-06-05 16:54
Pre-Run: 7 966 744 576 bytes free
Post-Run: 7 948 267 520 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
315 --- E O F --- 2009-05-14 01:05
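A log like the one above is normally read by eye. As an added example (not part of this thread, and not ComboFix's own code), the following Python script parses the three ComboFix sections a responder checks first, the `"Name"="path" [date size]` autorun values, the `R0`/`R1`/`S2` driver and service lines, and the `Kind-id - (no file)` orphan entries, and flags what should be verified: load points that run from a user-writable profile directory, boot- or system-start drivers that do not live in `system32\drivers`, and dangling references. The line formats it assumes are the ones visible in the log; the sample input is a constructed excerpt, mostly copied from the log above, plus one hypothetical driver line (`hypo_drv`) that is not in the log and is there only to exercise the driver check.

```python
"""ComboFix log triage (added example, not part of the forum thread or of
ComboFix itself). Parses the autorun values, driver/service lines and orphan
entries of a pasted log and flags what a responder should verify first."""
import re
from dataclasses import dataclass

# "Name"="command" [- resolved path] [YYYY-MM-DD size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$'
)
# R0..S4 Name;Description;path [DD/MM/YYYY HH:MM size]
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)'
    r'\s+\[(?P<date>\S+\s+\S+)\s+(?P<size>\d+)\]$'
)
# Kind-identifier - (no file)
ORPHAN = re.compile(r'^(?P<kind>\w+)-(?P<ident>\S.*?)\s+-\s+\(no file\)$')

# Locations an unprivileged user can write to. Anything auto-started from here
# deserves a signature/hash check; legitimate per-user updaters live here too,
# so a hit means "verify", not "malicious".
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\", "c:\\windows\\temp\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reason: str


def _is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix) for prefix in USER_WRITABLE)


def parse_log(text: str):
    """Return (autoruns, services, orphans) from the recognised line formats."""
    autoruns, services, orphans = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_VALUE.match(line):
            # ComboFix resolves bare names ("RTHDCPL.EXE") after " - "
            autoruns.append((m["name"], m["resolved"] or m["cmd"], int(m["size"])))
        elif m := SERVICE.match(line):
            services.append((m["start"], m["name"], m["path"]))
        elif m := ORPHAN.match(line):
            orphans.append((m["kind"], m["ident"]))
    return autoruns, services, orphans


def triage(text: str) -> list:
    """Apply the three heuristics and return the entries worth a second look."""
    autoruns, services, orphans = parse_log(text)
    findings = []
    for name, path, _size in autoruns:
        if _is_user_writable(path):
            findings.append(Finding("autorun", name, path,
                "started from a user-writable profile directory; verify publisher and hash"))
    for start, name, path in services:
        if start in ("R0", "R1") and not path.lower().startswith(DRIVER_DIR):
            findings.append(Finding("driver", name, path,
                "boot/system-start driver outside system32\\drivers"))
        elif _is_user_writable(path):
            findings.append(Finding("service", name, path,
                "service binary in a user-writable directory"))
    for kind, ident in orphans:
        findings.append(Finding("orphan", f"{kind}-{ident}", "(no file)",
            "dangling load point: file already gone, confirm nothing recreates the key"))
    return findings


# Constructed excerpt: lines copied from the log above plus ONE hypothetical
# driver line (hypo_drv) that is not in the log, added to exercise the check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-30 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2009 15:38 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2009 15:13 325896]
R1 hypo_drv;hypothetical driver (constructed, not from the log);c:\documents and settings\All Users\Application Data\hypo.sys [01/06/2009 10:00 4096]
S2 gupdate1c9870a2e1a3724;Google Update Service (gupdate1c9870a2e1a3724);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 22:50 133104]
BHO-{da82d608-0a5b-439e-bb80-a68f73ab115c} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}\n    -> {f.reason}")
```

Run against the excerpt it reports three items: the per-user Google Update autorun (flagged only because it runs from `Local Settings\Application Data`; Google's updater legitimately lives there, which is exactly why the output is a verification list rather than a verdict), the hypothetical `hypo_drv` boot-start driver outside the driver directory, and the orphaned BHO. The heuristics are deliberately coarse: a rootkit that hides its files and keys will not show up in the sections this script reads, so the catchme "hidden processes / autostart entries / files" section and the preliminary deletion list at the top of a ComboFix log still have to be read by hand.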