Help! Trojan horse

dcmoi (85 posts, Member)
Hello,
My laptop was working perfectly until yesterday, when I found it slower than usual.
Today a message from my antivirus told me that a trojan horse was present in a certain program, which I quickly deleted.
Since then my computer keeps freezing (3 times in less than an hour) and Ctrl+Alt+Del doesn't work. I have to shut the computer down manually, and when I turn it back on a hard-disk check starts.
What can I do?

5 replies

Cosmi
 
Hello,

Disable Vista's UAC
• Control Panel -> "User Accounts",
• In the new window -> "User Accounts",
• Click [Turn User Account Control on or off],
• In the resulting window, uncheck "Use User Account Control (UAC) to help protect your computer",
• Confirm with OK,
• Restart the PC.

Disable your antivirus and all protection software.

Rename ComboFix.exe to CB-F.exe while downloading it.
• Right-click the ComboFix link >> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
• Then choose, depending on your browser:
- Internet Explorer: Save Target As...
- Firefox: Save Link As...

► Rename ComboFix.exe to CB-F.exe and save it to your desktop.

Close all applications and do not open any program.
If ComboFix needs to restart, let it do so.

► Double-click ComboFix and [Run]
• If you are using Windows Vista, click the [Continue] button,
• At the "Disclaimer of warranty" -> [Yes],
• You will install the "Recovery Console" later -> [No],
• Wait for the tool to finish (more than 40 stages).

Note that once you have launched ComboFix,
you must not click inside the ComboFix window;
doing so could even damage Windows.

Show the ComboFix report (C:\Combofix.txt).

Re-enable UAC, the antivirus and the other protection.
0
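Once the report exists, the parts a helper actually reads are the "Reg Loading Points" and "ORPHANS REMOVED" sections, looking for autoruns that launch from inside the user profile and for Security Center monitoring that has been switched off. The Python triage script below is an added example, not part of this thread or of ComboFix; it runs over a constructed sample written in the same line format as the report posted further down, and the rule names and severities are this example's own.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix-style report.

Flags Run entries that execute from user-writable locations (profile, Temp),
AppInit_DLLs injection points, Security Center 'DisableMonitoring' switches,
and removed orphans that pointed into the user profile.
"""
import re

# Constructed sample (not the thread's real report); same line format as ComboFix.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ciuwgeq"="c:\users\papa\AppData\Local\ciuwgeq.exe" [2009-03-27 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

- - - - ORPHANS REMOVED - - - -

HKCU-Run-ciuwgeq - c:\users\papa\appdata\local\ciuwgeq.exe
"""

# Paths a standard user can write to: anything under a profile's AppData or
# Desktop, or any Temp directory. Legitimate machine-wide autoruns rarely live there.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(?:appdata|desktop)\\|\\temp\\", re.I)

# "Name"="value" [date size]   or   "Name"="bare.exe" - resolved\path [date size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: - (?P<resolved>.*?))?(?: \[[^\]]*\])?$')

# HKCU-Run-name - path   (entries ComboFix removed because their target was gone)
ORPHAN = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+)$")


def parse_report(text):
    """Yield (current registry key, line) for every non-empty line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # new key header
            continue
        yield section, line


def triage(text):
    """Return a list of (severity, rule, detail) findings in report order."""
    findings = []
    for section, line in parse_report(text):
        sec = (section or "").lower()
        m = RUN_VALUE.match(line)
        if m and sec.endswith("\\currentversion\\run"):
            # Prefer the resolved path ComboFix prints for bare executable names.
            path = m.group("resolved") or m.group("path")
            if USER_WRITABLE.search(path):
                findings.append(("high", "autorun-user-path", f"{m.group('name')} -> {path}"))
            continue
        if line.lower().startswith('"appinit_dlls"='):
            # Loaded into every process that links user32.dll; always worth a look.
            findings.append(("review", "appinit-dll", line.split("=", 1)[1]))
            continue
        if "security center" in sec and "disablemonitoring" in line.lower() \
                and line.endswith("dword:00000001"):
            findings.append(("high", "security-center-monitoring-off", section))
            continue
        m = ORPHAN.match(line)
        if m and USER_WRITABLE.search(m.group("path")):
            findings.append(("info", "removed-orphan-user-path",
                             f"{m.group('name')} -> {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_REPORT):
        print(f"[{severity:6}] {rule}: {detail}")
```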
dcmoi (85 posts, Member)
 
THANKS, I'LL TRY IT
0
dcmoi (85 posts, Member)
 
There, I did everything; here is the report:

ComboFix 09-06-08.05 - papa 09/06/2009 17:13.1 - NTFSx86
Running from: c:\users\papa\Desktop\CB-F.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\messengerskinner
c:\program files\messengerskinner\download\defaultPack.cab
c:\program files\messengerskinner\resources\appconfig.xml
c:\program files\messengerskinner\resources\btn.rgn
c:\program files\messengerskinner\resources\btnBnr.rgn
c:\program files\messengerskinner\resources\btnIn.rgn
c:\program files\messengerskinner\resources\btnInNormal.bmp
c:\program files\messengerskinner\resources\btnInOver.bmp
c:\program files\messengerskinner\resources\btnNormal.bmp
c:\program files\messengerskinner\resources\btnNormal.gif
c:\program files\messengerskinner\resources\btnNormalBnr.bmp
c:\program files\messengerskinner\resources\btnNormalBnr.gif
c:\program files\messengerskinner\resources\btnOver.bmp
c:\program files\messengerskinner\resources\btnOver.gif
c:\program files\messengerskinner\resources\btnOverBnr.bmp
c:\program files\messengerskinner\resources\btnOverBnr.gif
c:\program files\messengerskinner\resources\languages_v2.xml
c:\program files\messengerskinner\uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Conditions g?n?rales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Confidentialit?.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\D?sinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
c:\users\papa\AppData\Local\ciuwgeq.dat
c:\users\papa\AppData\Local\ciuwgeq.exe
c:\users\papa\AppData\Local\ciuwgeq_navps.dat
c:\windows\system32\KBL.LOG
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 15:10 . 2009-06-09 15:24 -------- d-s---w- \CB-F
2009-06-09 15:10 . 2009-06-09 15:18 -------- d---a-w- \Qoobox
2009-06-09 14:52 . 2009-06-09 14:52 -------- d-----w- c:\program files\CCleaner
2009-06-07 12:49 . 2009-06-07 12:52 -------- d-----w- C:\ConverterOutput
2009-06-07 12:49 . 2009-06-07 12:52 -------- d-----w- \ConverterOutput
2009-06-07 12:48 . 2008-11-05 09:39 92326 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-06-07 12:48 . 2008-06-17 08:57 6700 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-06-07 12:48 . 2008-06-15 08:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-07 12:48 . 2006-07-17 19:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-06-07 12:48 . 2008-02-03 19:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-06-07 12:48 . 2006-09-27 15:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-06-07 12:48 . 2009-06-07 12:48 -------- d-----w- c:\program files\Cucusoft
2009-06-07 09:42 . 2009-06-07 09:42 -------- d-----w- C:\WinAVI MP4 Converter
2009-06-07 09:42 . 2009-06-07 09:42 -------- d-----w- \WinAVI MP4 Converter
2009-06-04 20:11 . 2009-06-09 12:07 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 20:11 . 2009-06-09 12:07 -------- d--h--w- \$AVG8.VAULT$
2009-06-03 20:57 . 2009-06-03 20:57 -------- d-----w- c:\users\papa\AppData\Local\Sony
2009-06-03 20:45 . 2009-06-03 20:45 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-06-03 20:44 . 2009-06-03 20:44 10134 ----a-r- c:\users\papa\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-06-03 20:44 . 2009-06-03 20:45 -------- d-----w- c:\program files\Sony
2009-06-03 20:44 . 2009-06-03 20:44 -------- d-----w- c:\programdata\Sony Corporation
2009-06-03 20:43 . 2009-06-03 20:54 -------- d-----w- c:\users\papa\AppData\Roaming\Sony
2009-06-03 20:43 . 2009-06-03 20:43 -------- d-----w- c:\users\papa\AppData\Roaming\Sony Setup
2009-06-03 20:43 . 2009-06-03 20:43 -------- d-----w- c:\program files\Sony Setup
2009-05-13 16:03 . 2009-05-13 16:03 -------- d-----w- c:\users\papa\AppData\Local\ACD Systems
2009-05-13 16:03 . 2009-05-13 16:03 -------- d-----w- c:\users\papa\AppData\Roaming\ACD Systems
2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\programdata\ACD Systems
2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\program files\ACD Systems
2009-05-12 06:03 . 2009-05-12 06:03 -------- d-----w- c:\program files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 15:04 . 2007-11-27 09:45 4696 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-09 15:04 . 2007-11-27 09:45 4504 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-09 14:59 . 2009-03-27 09:16 89 ----a-w- c:\users\papa\AppData\Local\ciuwgeq.bat
2009-06-09 14:57 . 2009-03-13 07:39 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-06-09 14:56 . 2008-10-11 22:52 3219578880 --sha-w- \hiberfil.sys
2009-06-09 14:56 . 2008-05-08 06:11 3533369344 --sha-w- \pagefile.sys
2009-06-09 14:48 . 2007-11-27 01:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 11:51 . 2008-09-15 18:00 -------- d-----w- c:\users\papa\AppData\Roaming\uTorrent
2009-06-09 11:26 . 2009-06-09 11:26 1544728 ----a-w- c:\programdata\SPL3870.tmp
2009-06-09 11:22 . 2009-06-09 11:22 2546148 ----a-w- c:\programdata\SPL7CAE.tmp
2009-06-07 16:26 . 2008-10-11 23:03 -------- d-----w- c:\program files\Microsoft
2009-06-06 21:10 . 2008-09-04 16:08 1364 ----a-w- c:\users\papa\AppData\Roaming\wklnhst.dat
2009-06-02 14:32 . 2008-08-17 11:14 27240 ----a-w- c:\users\papa\AppData\Roaming\nvModes.dat
2009-06-02 10:59 . 2009-06-02 10:59 1442272 ----a-w- c:\programdata\SPL9717.tmp
2009-05-18 13:02 . 2008-11-10 20:53 -------- d-----w- c:\users\papa\AppData\Roaming\LimeWire
2009-05-17 13:28 . 2009-05-17 13:28 408408 ----a-w- c:\programdata\SPL600.tmp
2009-05-17 13:01 . 2008-09-01 07:45 -------- d-----w- c:\program files\Google
2009-05-10 13:35 . 2009-02-24 21:04 -------- d-----w- c:\program files\DivX
2009-05-10 13:35 . 2009-02-24 21:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-10 13:35 . 2009-05-10 13:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-06 06:47 . 2008-05-08 06:27 -------- d-----w- c:\program files\Realtek
2009-05-04 09:08 . 2009-04-20 18:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 09:08 . 2009-04-20 18:18 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-04 09:08 . 2009-04-20 18:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 09:07 . 2009-04-20 18:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 09:31 . 2009-04-26 09:31 -------- d-----w- c:\program files\7-Zip
2009-04-25 21:22 . 2008-11-10 19:25 -------- d-----w- c:\programdata\WinZip
2009-04-25 21:10 . 2009-04-25 21:10 -------- d-----w- c:\program files\Hide Folders XP 2
2009-04-20 18:18 . 2009-04-20 18:18 -------- d-----w- c:\programdata\avg8
2009-04-17 07:29 . 2009-03-23 13:42 -------- d-----w- c:\program files\QuickMediaConverter
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-12 12:55 . 2009-04-12 12:55 -------- d-----w- c:\users\papa\AppData\Roaming\Megaupload
2009-04-12 12:54 . 2009-04-12 12:54 -------- d-----w- c:\programdata\Megaupload
2009-04-12 12:54 . 2009-04-12 12:54 -------- d-----w- c:\programdata\EmailNotifier
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w- c:\program files\Megaupload
2009-04-12 08:51 . 2008-08-14 18:57 110184 ----a-w- c:\users\papa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 08:04 . 2009-04-12 08:04 -------- d-----w- c:\programdata\HP Product Assistant
2009-04-07 20:13 . 2009-03-29 13:17 164417 ----a-w- c:\windows\hpoins19.dat
2009-04-07 07:35 . 2008-11-04 00:45 1356 ----a-w- c:\users\papa\AppData\Local\d3d9caps.dat
2009-03-30 09:17 . 2009-03-30 09:17 341680 ----a-w- c:\programdata\SPLBBAB.tmp
2009-03-29 14:20 . 2009-03-29 14:20 73728 ----a-w- c:\users\papa\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-03-29 14:20 . 2009-03-29 14:20 499712 ----a-w- c:\users\papa\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
2009-03-29 14:20 . 2009-03-29 14:20 348160 ----a-w- c:\users\papa\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
2009-03-29 14:20 . 2009-03-29 14:20 102400 ----a-w- c:\users\papa\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
2009-03-29 14:20 . 2009-03-29 14:19 8462336 ----a-w- c:\users\papa\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
2009-03-26 16:00 . 2008-09-14 13:42 89 ----a-w- c:\users\papa\AppData\Local\ftkjaxg.bat
2009-03-17 03:38 . 2009-04-17 07:06 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 07:06 24064 ----a-w- c:\windows\system32\amxread.dll
2008-11-19 22:29 . 2008-12-07 20:41 512664117 ----a-w- c:\program files\air force one.wmv
2008-11-16 19:55 . 2008-11-16 19:55 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E71F544B-AF4A-4B94-90A1-97A2C0411530}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5A93451F-3BCA-42B6-8693-C495DC3D24C5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{8B8E8DD7-D8E1-40BC-B2F7-F9CB9E3D2373}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{3C13A388-EEA3-47FF-A72C-FC9B02CD209D}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{80370A05-B852-4049-9BFB-827AD35D8295}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EFD6EB70-CB10-4546-95A5-A78AE9EF3E22}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{B0117865-0950-4179-8F77-D368F3E256B2}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{8E3BC65A-555D-4D8E-89A5-05308ED2D5E0}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{670C88F7-4CCA-4E29-B3B2-99493E21DE3E}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{ABF89DDD-647B-4734-9151-B3DC8CD031CC}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{749C5C99-5BC7-4E11-BC38-CDD400F45CE3}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{E9786117-5EEE-4E4A-9C76-AE6A76FF75B9}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{92E21271-6120-43D1-9D58-6F5B464E187C}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{141540DB-F7FB-4D78-9D2A-F86DA56A53E3}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{F6783D52-5EBD-49D4-8CB1-DB478987FA53}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{688D590D-AF01-414B-81B6-99DAA05B737D}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{7806E6BE-A204-4D9B-8A7E-053C6370B5D1}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"TCP Query User{F263CECD-8238-4974-ACD1-25B0E0088C12}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"UDP Query User{CF438E9E-7983-4F47-813D-EE0BF7505CF8}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{72B220FB-5FDD-4A42-A896-6E66F9CAE625}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{EA272A00-29C4-425E-BBC5-DCFD1285CEEC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{459199AF-84C9-4932-9786-46B180039E87}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6980AF4B-DE1E-4040-B662-2B1ACD072CC5}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{58743290-D3BB-4E74-8FB3-7A1E9CBA797E}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{68B1FE77-F7FF-4522-955C-2846C6310458}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{70488D02-6937-472B-9B51-E2EA0A915CBC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5F4C9428-97E0-4E81-A90A-3E7D50E8AAEC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DCE5CB3C-22F3-4EE8-A7F3-D0E06231B252}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R0 HFXP2;HFXP2;c:\windows\System32\drivers\hfxp2.sys [25/04/2009 23:10 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [20/04/2009 20:18 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [20/04/2009 20:18 108552]
R1 bckd;bckd;c:\windows\System32\drivers\bckd.sys [14/01/2009 01:39 72992]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/04/2009 20:18 298776]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [14/01/2009 01:39 1078560]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 gupdate1c9ae406ccb7980;Google Update Service (gupdate1c9ae406ccb7980);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 20:26 133104]
S3 dump_wmimmc;dump_wmimmc;c:\program files\GOA\KnC\GameGuard\dump_wmimmc.sys [06/10/2008 14:43 180485]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [20/06/2005 09:12 215040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 18:26]

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{88D1DA78-2F07-4678-B95E-09194ADDED46}.job
- c:\windows\system32\msfeedssync.exe [2008-09-07 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ciuwgeq - c:\users\papa\appdata\local\ciuwgeq.exe
HKLM-Run-RAMDrive - c:\program files\FarStone\VirtualDrive\VHD\RDTask.exe
HKLM-Run-CTCheck - c:\users\papa\Desktop\milan\ZEN Media Explorer\CTCheck.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://fr.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\o3pkqf2j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 17:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\papa\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bwf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cel"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.flc"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fli"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1000850641-3593829271-1808858719-1000)
"Progid"="ACDSee 9.0.jpg"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.kar"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m15"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m1a"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m2a"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m75"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pics"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.qcp"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.qtpf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-09 17:27
ComboFix-quarantined-files.txt 2009-06-09 15:27

Pre-Run: 37 658 157 056 octets libres
Post-Run: 37 950 873 600 octets libres

537 --- E O F --- 2009-06-08 14:37
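The end of the ComboFix report above is a long run of locked registry keys, most of them near-identical `FileExts\...\UserChoice` entries, with a handful of modem-class keys that carry different ACEs. Reading such a list by eye is error-prone: the one key that differs (here `.jpg`, which carries a second Deny entry for the user's own SID) is easy to miss. The following Python script is an added example for this thread; it is not part of ComboFix or of the original post. It parses the text format visible in the report (`[key path]`, `@Denied:`/`@Allowed:` ACE lines, `"Name"=value` lines), then collapses keys that share the same ACEs and value names so each pattern is shown once with a count. The sample input is constructed to mirror the report's format; the mask letters and numbers in the ACE lines are kept as raw text, since the script makes no assumption about how ComboFix encodes them.

```python
"""Triage helper for the "locked registry keys" listing of a ComboFix report.

Added example for this thread; it is not part of ComboFix or of the original
post. It parses the text format visible in the report above ([key path],
@Denied/@Allowed ACE lines, "Name"=value lines) and collapses keys that share
the same ACEs and value names, so a long run of near-identical entries is
shown once and the odd one out stands out.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: five blocks in the same format as the report above.
SAMPLE = r"""
[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1000850641-3593829271-1808858719-1000)
"Progid"="ACDSee 9.0.jpg"

[HKEY_USERS\S-1-5-21-1000850641-3593829271-1808858719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-09 17:27
"""

KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
ACE_RE = re.compile(r"^@(?P<kind>Denied|Allowed): \((?P<mask>[^)]*)\) \((?P<who>[^)]*)\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


@dataclass
class LockedKey:
    path: str
    aces: List[Tuple[str, str, str]] = field(default_factory=list)  # (kind, mask, principal)
    values: Dict[str, object] = field(default_factory=dict)

    def denied_to(self, principal: str) -> bool:
        return any(kind == "Denied" and who == principal for kind, _, who in self.aces)

    def signature(self) -> Tuple:
        # Same ACEs and same value names, regardless of path, means "same kind of key".
        return (tuple(self.aces), tuple(sorted(self.values)))


def decode_value(data: str) -> object:
    """dword:XXXXXXXX becomes an int, "quoted" becomes str, anything else stays raw."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1]
    return data


def parse_locked_keys(text: str) -> List[LockedKey]:
    keys: List[LockedKey] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current = LockedKey(m.group("path"))
            keys.append(current)
        elif current is None:
            continue  # report text before the first key (or trailer lines) is ignored
        elif m := ACE_RE.match(line):
            current.aces.append((m.group("kind"), m.group("mask"), m.group("who")))
        elif m := VALUE_RE.match(line):
            current.values[m.group("name")] = decode_value(m.group("data"))
    return keys


def denied_principals(keys: List[LockedKey]) -> Counter:
    """How many keys carry a Deny entry for each principal."""
    return Counter(who for k in keys for kind, _, who in k.aces if kind == "Denied")


def collapse(keys: List[LockedKey]) -> List[Tuple[int, str, Tuple]]:
    """One row per distinct signature: (count, first path seen, signature)."""
    groups: Dict[Tuple, List[str]] = {}
    for k in keys:
        groups.setdefault(k.signature(), []).append(k.path)
    return [(len(paths), paths[0], sig) for sig, paths in groups.items()]


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE)
    for count, example, (aces, names) in collapse(parsed):
        print(f"{count} key(s) like {example}")
        for kind, mask, who in aces:
            print(f"    {kind} ({mask}) to {who}")
        print(f"    values: {', '.join(names) or '(none)'}")
    print("Deny entries per principal:", dict(denied_principals(parsed)))
```

Run against the full report, the collapsed view turns dozens of `UserChoice` lines into one row plus one outlier row, which is the form in which a helper on a forum like this one can actually compare it with a known-clean machine.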
Cosmi
 
Wow, ComboFix for an adware.

This adware is installed, among others, by the following programs:
- go-astro
- Instant Access
- InternetGameBox
- GoRecord
- HotTVPlayer
- Live Player
- MailSkinner
- Messenger Skinner <--- Yours
- Sudoplanet
- Webmediaplayer
- Official-emule
- Funny emoticons

Navipromo infection scan report.
Download Navilog1 (by Il Mafioso) to your desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

► Disable your Internet connection, UAC and your antivirus.

• Install and run Navilog1.exe by right-clicking it and choosing >>
>> "Run as administrator".

• Select option 1- Recherche (Search) and confirm.
• >> Wait for the message "Analyse terminée le ....".
• Notepad will open containing the report.
Post this report in your next reply (C:\fixnavi.txt).

Re-enable your antivirus and UAC.

_______________________________________________________________________

Disinfection with Malwarebytes.
Download: http://www.malwarebytes.org/mbam.php
Tutorial: http://www.pcinfo-web.com/...
• Run the installer,
• Under [Settings] you can switch the language to French.
• Update Malwarebytes.
• Under [Scanner] select [Perform full scan],
• When the scan has completed, click >>>>>>>>>> [Remove Selected].
>> Restart if necessary.
Post the Malwarebytes report in your next reply.
_______________________________________________________________________

CCleaner - Cleaning of temporary files, cookies, etc.
Download, Slim version: https://www.ccleaner.com/ccleaner/download
Tutorial: https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm

• Install and run CCleaner,
• Untick automatic updates,
• Click [Run Cleaner].

Use CCleaner after each Internet session,
after installing software and/or before shutting down the PC.
_______________________________________________________________________

HijackThis - Produce a scan report.
Download: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Tutorial: https://jesses.pagesperso-orange.fr/Docs/Logiciels/HTJEasy.htm

• Install and run HijackThis (via the shortcut created on your desktop) by right-clicking it >>
>> Run as administrator.

• Click [Do a system scan and save a logfile].
>> Notepad will open with a report,
Post the HijackThis report in your next reply.
dcmoi Posts 85 Status Member 8
 
For Navilog1, when I go into it, it asks me to choose a language, and when I press Enter I get "access denied".
dcmoi Posts 85 Status Member 8
 
I finally managed to get it running, but the computer froze halfway through... everything disappeared from the screen and the desktop reappeared without the scan.
dcmoi Posts 85 Status Member 8
 
I think Navilog restarted on its own; here is the report:



Search Navipromo version 3.7.7 commencé le 09/06/2009 à 18:40:46,17

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : papa ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:137 Go (Free:34 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\papa\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\papa\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox trouvé !


*** Recherche dossiers dans "C:\Users\papa\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\papa\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\papa\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\papa\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\papa\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\papa\AppData\Local\Microsoft" :


* Dans "C:\Users\papa\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\papa\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 09/06/2009 à 19:21:03,03 ***
Cosmi
 
Remove ComboFix by copying/pasting into Start --> Search: ComboFix /u and confirming.
Check for / delete QooBox, which is on C:\
Cosmi
 
You had disabled UAC and the antivirus..

Continue with Malwarebytes.. and the other procedures
dcmoi Posts 85 Status Member 8
 
To be honest, I didn't manage to disable the antivirus this time.
I'm running Malwarebytes now
Cosmi
 
Navilog1 detected a few things, but before proceeding with the disinfection option in Navilog1,
I'll wait for the Malwarebytes report.

Did you remove ComboFix, as mentioned in this message: http://www.commentcamarche.net/forum/affich 12804925 a l aide cheval de troie#5
dcmo
 
Thanks for everything,
The scan still hadn't finished at 11 pm, so I left the computer on. I intended to continue this morning, but as luck would have it, a friend who works in IT came by this morning; he'll take care of the computer.

Thanks again!