43 replies
ComboFix 09-07-14.04 - psc 15/07/2009 1:59.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.687 [GMT 1:00]
Running from: c:\documents and settings\psc\Bureau\ch.exe
Command switches used :: c:\documents and settings\psc\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\bf23567.dat"
"c:\windows\system32\drivers\35f0d98.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\psc\Application Data\wiaserva.log
c:\windows\bf23567.dat
c:\windows\system32\drivers\35f0d98.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_netsik
-------\Legacy_nicsk32
-------\Legacy_port135sik
-------\Legacy_securentm
-------\Legacy_systemntmi
-------\Legacy_ws2_32sik
-------\Service_35f0d98
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 00:34 . 2009-07-15 00:34 91492 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-15 00:34 . 2009-07-15 00:34 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-15 00:34 . 2009-07-15 01:03 5920 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-15 00:34 . 2009-07-15 01:03 176160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-15 00:34 . 2009-07-15 00:34 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-15 00:33 . 2009-07-15 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-14 10:52 . 2009-07-14 10:52 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-07-14 10:52 . 2009-07-14 10:52 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-07-14 10:52 . 2009-07-14 10:52 -------- d-----w- c:\program files\Prevx
2009-07-14 10:52 . 2009-07-14 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-07-13 23:30 . 2009-07-13 23:30 -------- d-----w- C:\Temp
2009-07-13 23:21 . 2009-07-13 23:21 -------- d-----w- C:\$WIN_NT$.~BT
2009-07-13 22:19 . 2009-07-15 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-12 11:52 . 2009-07-12 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-12 11:50 . 2009-07-12 11:50 -------- d-----w- c:\program files\Fichiers communs\Adobe Systems Shared
2009-07-12 11:47 . 2009-07-12 11:47 -------- d-----w- c:\windows\system32\Adobe
2009-07-12 11:47 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-07-12 11:39 . 2009-07-12 11:39 -------- d-----w- c:\windows\Adobe Illustrator CS
2009-07-06 11:40 . 2009-07-06 11:40 -------- d-----w- c:\documents and settings\psc\Local Settings\Application Data\WMTools Downloaded Files
2009-07-04 02:04 . 2009-07-04 08:04 228864 ----a-w- c:\documents and settings\psc\Application Data\Microsoft\Word\Lucene.dll
2009-07-01 18:01 . 2009-07-01 18:29 -------- d-----w- c:\documents and settings\psc\Application Data\dvdcss
2009-07-01 03:00 . 2009-07-01 03:00 -------- d-----w- c:\documents and settings\psc\Application Data\Datalayer
2009-07-01 02:55 . 2009-07-01 02:55 -------- d-----w- c:\documents and settings\psc\Application Data\Nokia
2009-06-24 10:58 . 2009-06-24 10:58 -------- d-----w- c:\documents and settings\psc\Application Data\Media Player Classic
2009-06-24 01:38 . 2009-07-01 11:55 -------- d-----w- c:\documents and settings\psc\Application Data\vlc
2009-06-24 01:37 . 2009-06-24 01:37 -------- d-----w- c:\program files\VideoLAN
2009-06-23 01:25 . 2009-07-01 03:00 -------- d-----w- c:\documents and settings\psc\Phone Browser
2009-06-23 01:23 . 2009-06-23 01:23 -------- d-----w- c:\program files\DIFX
2009-06-19 18:20 . 2009-06-19 18:20 1 ---h--w- c:\windows\jmmark2.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 01:03 . 2009-07-15 00:34 4088 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-15 01:03 . 2009-07-15 00:34 1532 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-15 00:27 . 2002-08-30 12:00 64930 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 00:27 . 2002-08-30 12:00 448428 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-15 00:11 . 2008-06-11 05:13 78912 ----a-w- c:\documents and settings\psc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 22:03 . 2008-06-11 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-12 12:15 . 2008-06-11 05:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-07-12 12:12 . 2008-06-11 05:20 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-06 11:40 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-06 11:40 . 2009-06-23 01:22 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-06-24 01:36 . 2009-06-24 01:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-23 01:23 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\psc\Application Data\PC Suite
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\program files\Nokia
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-30 15:30 . 2009-05-30 15:30 51712 --sh--r- c:\windows\system32\activedso.exe
.
------- Sigcheck -------
[-] 2008-05-31 17:38 1548288 245B58B046D6970612CA6F0C796749B8 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-15_00.03.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-30 12:00 . 2009-07-15 00:27 53942 c:\windows\system32\perfc009.dat
+ 2007-12-17 23:43 . 2007-12-17 23:43 23396 c:\windows\system32\drivers\klopp.dat
+ 2007-12-13 12:28 . 2007-12-13 12:28 24592 c:\windows\system32\drivers\klim5.sys
+ 2002-08-30 12:00 . 2009-07-15 00:27 383588 c:\windows\system32\perfh009.dat
+ 2007-12-17 23:44 . 2007-12-17 23:44 219664 c:\windows\system32\klogon.dll
+ 2007-12-19 13:49 . 2007-12-19 13:49 194832 c:\windows\system32\drivers\klif.sys
+ 2007-10-31 12:41 . 2007-10-31 12:41 110096 c:\windows\system32\drivers\kl1.sys
+ 2009-07-15 00:34 . 2009-07-15 00:34 2866688 c:\windows\Installer\aadf5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-17 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\psc\Menu Démarrer\Programmes\Démarrage\
rncsys32.exe [2004-8-19 27648]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\shvlzm.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\zClientm.exe"=
"c:\\WINDOWS\\system32\\spider.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Fichiers communs\\LightScribe\\LightScribeControlPanel.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [14/07/2009 11:52 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [14/07/2009 11:52 27656]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [14/07/2009 11:52 4368952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {F08CBB0F-F2F6-4C66-B77E-53588EDB385B} = 193.95.66.10,193.95.66.20
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 02:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\psc\LOCALS~1\Temp\RGI4.tmp 7136 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1416)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1472)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(3448)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
.
**************************************************************************
.
Completion time: 2009-07-15 2:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 01:06
ComboFix2.txt 2009-07-15 00:06
Pre-Run: 37 827 469 312 octets libres
Post-Run: 37 803 089 920 octets libres
You were heavily infected; now you are less so, but still infected.
Please do what I asked you to do in my first reply.
ComboFix 09-07-14.04 - Administrateur 15.07.2009 1:52.1.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.7.1036.18.191.83 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ch.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\start.exe
c:\windows\Web\default.htt
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 23:13 . 2009-07-14 23:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Vidalia
2009-07-14 22:01 . 2009-07-14 22:01 -------- d-----w- c:\program files\Vidalia Bundle
2009-07-14 21:34 . 2009-07-14 21:34 0 ----a-w- c:\windows\nsreg.dat
2009-07-14 21:34 . 2009-07-14 21:34 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero
2009-07-14 09:26 . 2009-07-14 09:26 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-07-14 09:26 . 2009-07-14 09:26 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-07-14 09:25 . 2009-07-14 09:25 99776 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-07-14 09:24 . 2009-07-14 09:24 -------- d-----w- c:\program files\Fichiers communs\Acronis
2009-07-14 09:24 . 2009-07-14 09:24 -------- d-----w- c:\program files\Acronis
2009-07-14 06:18 . 2004-08-03 21:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-14 05:37 . 2009-07-14 05:37 -------- d-----w- c:\program files\7-Zip
2009-07-14 04:58 . 2009-07-14 04:58 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Identities
2009-07-14 04:42 . 2002-08-30 12:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-07-14 04:42 . 2002-08-30 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-14 04:42 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\agt0404.dll
2009-07-14 04:42 . 2002-08-30 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-07-14 04:42 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\agt0804.dll
2009-07-14 04:40 . 2002-08-30 12:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-07-14 04:23 . 2009-07-14 04:23 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-07-14 04:14 . 2009-07-14 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-14 04:11 . 2004-08-19 16:09 15872 ----a-w- c:\windows\system32\dllcache\msgrocm.dll
2009-07-14 04:10 . 2004-08-19 16:09 17408 ----a-w- c:\windows\system32\dllcache\ocmsn.dll
2009-07-14 04:10 . 2002-08-30 14:00 18176 ----a-w- c:\windows\system32\dllcache\vga64k.dll
2009-07-14 04:10 . 2002-08-30 14:00 51456 ----a-w- c:\windows\system32\dllcache\vga256.dll
2009-07-14 04:09 . 2002-08-30 14:00 57344 ----a-w- c:\windows\system32\dllcache\mfc42fra.dll
2009-07-14 04:09 . 2004-08-19 16:08 2986496 ----a-w- c:\windows\system32\dllcache\sprt040c.dll
2009-07-14 04:09 . 2004-08-19 16:09 34304 ----a-w- c:\windows\system32\dllcache\tabletoc.dll
2009-07-14 04:09 . 2004-08-19 16:09 16896 ----a-w- c:\windows\system32\dllcache\medctroc.dll
2009-07-14 04:06 . 2004-08-19 16:09 219648 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-07-14 04:05 . 2004-08-19 16:10 50688 ----a-w- c:\windows\system32\dllcache\smss.exe
2009-07-14 04:04 . 2004-08-19 16:08 24064 ----a-w- c:\windows\system32\dllcache\pidgen.dll
2009-07-14 04:03 . 2004-08-19 16:09 72192 ----a-w- c:\windows\system32\dllcache\msacm32.dll
2009-07-14 04:02 . 2004-08-19 16:09 278016 ----a-w- c:\windows\system32\dllcache\gdi32.dll
2009-07-14 04:02 . 2004-08-19 16:09 132608 ----a-w- c:\windows\system32\dllcache\fxsocm.dll
2009-07-14 04:02 . 2004-08-19 16:09 32828 ----a-w- c:\windows\system32\dllcache\fp40ext.dll
2009-07-14 04:02 . 2004-08-19 16:08 9344 ----a-w- c:\windows\system32\dllcache\framebuf.dll
2009-07-14 04:02 . 2004-08-19 16:09 55808 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-07-14 04:02 . 2004-08-19 16:09 1097728 ----a-w- c:\windows\system32\dllcache\esent.dll
2009-07-14 03:46 . 2002-08-30 12:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-07-14 03:46 . 2002-08-30 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-07-14 03:46 . 2004-08-19 14:09 53248 ----a-w- c:\windows\system32\dllcache\wamreg51.dll
2009-07-14 03:46 . 2002-08-30 12:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2009-07-14 03:46 . 2004-08-19 14:09 77824 ----a-w- c:\windows\system32\dllcache\wam51.dll
2009-07-14 03:46 . 2004-08-19 14:09 366592 ----a-w- c:\windows\system32\dllcache\w3svc.dll
2009-07-14 03:46 . 2002-08-30 12:00 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll
2009-07-14 03:46 . 2002-08-30 12:00 74240 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2009-07-14 03:46 . 2002-08-30 12:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2009-07-14 03:46 . 2002-08-30 12:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2009-07-14 03:44 . 2002-08-30 12:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-07-14 03:43 . 2004-08-19 14:09 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2009-07-14 03:42 . 2002-08-30 12:00 20992 ----a-w- c:\windows\system32\dllcache\permchk.dll
2009-07-14 03:42 . 2002-08-30 12:00 31744 ----a-w- c:\windows\system32\dllcache\pagecnt.dll
2009-07-14 03:42 . 2001-08-23 15:47 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-07-14 03:42 . 2004-08-19 14:09 45056 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2009-07-14 03:42 . 2002-08-30 12:00 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2009-07-14 03:42 . 2002-08-30 12:00 111104 ----a-w- c:\windows\system32\dllcache\mtstocom.exe
2009-07-14 03:42 . 2004-08-19 14:10 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2009-07-14 03:41 . 2004-08-19 14:09 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2009-07-14 03:41 . 2002-08-30 12:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2009-07-14 03:41 . 2002-08-30 12:00 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2009-07-14 03:41 . 2004-08-19 14:09 86016 ----a-w- c:\windows\system32\dllcache\metada51.dll
2009-07-14 03:41 . 2002-08-30 12:00 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2009-07-14 03:41 . 2004-08-19 14:09 37888 ----a-w- c:\windows\system32\dllcache\md5filt.dll
2009-07-14 03:41 . 2001-08-23 15:47 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-07-14 03:41 . 2004-08-19 14:09 19456 ----a-w- c:\windows\system32\dllcache\lprmon.dll
2009-07-14 03:41 . 2004-08-19 14:09 23040 ----a-w- c:\windows\system32\dllcache\lpdsvc.dll
2009-07-14 03:41 . 2004-08-19 14:09 13312 ----a-w- c:\windows\system32\dllcache\lonsint.dll
2009-07-14 03:41 . 2002-08-30 12:00 22016 ----a-w- c:\windows\system32\dllcache\logscrpt.dll
2009-07-14 03:41 . 2004-08-19 14:09 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-07-14 03:39 . 2002-08-30 12:00 5632 ----a-w- c:\windows\system32\dllcache\kbda1.dll
2009-07-14 03:39 . 2002-08-30 12:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2009-07-14 03:39 . 2002-08-30 12:00 9216 ----a-w- c:\windows\system32\dllcache\iwrps.dll
2009-07-14 03:39 . 2004-08-19 14:09 27648 ----a-w- c:\windows\system32\dllcache\iscomlog.dll
2009-07-14 03:39 . 2002-08-30 12:00 7168 ----a-w- c:\windows\system32\dllcache\isapips.dll
2009-07-14 03:39 . 2004-08-19 14:09 36864 ----a-w- c:\windows\system32\dllcache\iprip.dll
2009-07-14 03:39 . 2002-08-30 12:00 8704 ----a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-07-14 03:39 . 2004-08-19 14:09 257024 ----a-w- c:\windows\system32\dllcache\infocomm.dll
2009-07-14 03:39 . 2004-08-19 14:09 15872 ----a-w- c:\windows\system32\dllcache\inetin51.exe
2009-07-14 03:38 . 2002-08-30 12:00 6656 ----a-w- c:\windows\system32\dllcache\iissync.exe
2009-07-14 03:38 . 2002-08-30 12:00 3584 ----a-w- c:\windows\system32\dllcache\iismui.dll
2009-07-14 03:38 . 2004-08-19 14:09 79872 ----a-w- c:\windows\system32\dllcache\iislog51.dll
2009-07-14 03:38 . 2004-08-19 14:09 7168 ----a-w- c:\windows\system32\dllcache\iisfecnv.dll
2009-07-14 03:38 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\iiscrmap.dll
2009-07-14 03:38 . 2002-08-30 12:00 60928 ----a-w- c:\windows\system32\dllcache\iisclex4.dll
2009-07-14 03:38 . 2004-08-19 14:09 145408 ----a-w- c:\windows\system32\dllcache\iische51.dll
2009-07-14 03:38 . 2004-08-19 14:09 25088 ----a-w- c:\windows\system32\dllcache\iisadmin.dll
2009-07-14 03:38 . 2004-08-19 14:09 62464 ----a-w- c:\windows\system32\dllcache\httpod51.dll
2009-07-14 03:38 . 2004-08-19 14:09 8192 ----a-w- c:\windows\system32\dllcache\httpmb51.dll
2009-07-14 03:38 . 2004-08-19 14:09 268288 ----a-w- c:\windows\system32\dllcache\httpext.dll
2009-07-14 03:36 . 2004-08-19 14:09 6144 ----a-w- c:\windows\system32\dllcache\ftpmib.dll
2009-07-14 03:35 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2009-07-14 03:35 . 2002-08-30 12:00 20480 ----a-w- c:\windows\system32\dllcache\counters.dll
2009-07-14 03:35 . 2002-08-30 12:00 56832 ----a-w- c:\windows\system32\dllcache\convlog.exe
2009-07-14 03:35 . 2002-08-30 12:00 33792 ----a-w- c:\windows\system32\dllcache\controt.dll
2009-07-14 03:35 . 2004-08-19 14:09 24064 ----a-w- c:\windows\system32\dllcache\compfilt.dll
2009-07-14 03:35 . 2002-08-30 12:00 14848 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2009-07-14 03:35 . 2002-08-30 12:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe
2009-07-14 03:35 . 2002-08-30 12:00 13824 ----a-w- c:\windows\system32\dllcache\chglogon.exe
2009-07-14 03:35 . 2002-08-30 12:00 10240 ----a-w- c:\windows\system32\dllcache\change.exe
2009-07-14 03:35 . 2002-08-30 12:00 54528 ----a-w- c:\windows\system32\dllcache\cap7146.sys
2009-07-14 03:35 . 2002-08-30 12:00 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2009-07-14 03:31 . 2004-08-19 14:09 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-07-14 03:30 . 2003-03-24 13:52 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-07-14 03:30 . 2003-03-24 13:52 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2009-07-14 03:30 . 2003-03-24 13:52 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2009-07-14 03:30 . 2004-08-19 14:09 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-07-14 03:30 . 2004-08-19 14:09 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2009-07-14 03:30 . 2003-03-24 13:52 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2009-07-14 03:30 . 2003-03-24 13:52 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\windows\system32\xircom
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\program files\microsoft frontpage
2009-07-14 03:29 . 2009-07-14 03:29 6468 ----a-w- c:\windows\LnkStub.dat
2009-07-14 03:24 . 2009-07-14 03:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-07-14 03:20 . 2009-07-14 03:21 -------- d-sh--w- c:\documents and settings\All Users\DRM
2009-07-14 03:17 . 2004-08-19 14:10 226816 ----a-w- c:\windows\system32\dllcache\npdrmv2.dll
2009-07-14 03:15 . 2009-07-14 03:15 -------- d-----w- c:\windows\system32\wbem\AutoRecover
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 09:14 . 2009-07-14 03:21 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 03:52 . 2009-07-14 02:09 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 03:52 . 2009-07-14 02:09 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 03:27 . 2009-07-14 03:27 164352 ----a-w- c:\windows\system32\migicons.exe
2009-07-14 01:10 . 2009-07-14 01:10 -------- d-----w- c:\program files\Mediamatics
2009-07-14 01:08 . 2009-07-14 01:08 -------- d-----w- c:\program files\RZS
2009-07-14 01:08 . 2009-07-14 01:07 -------- d-----w- c:\program files\Network Associates
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\REAL
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\FRX
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\CHAT
1998-09-22 10:17 . 1998-09-22 10:17 11208 ---ha-w- c:\program files\folder.htt
2009-06-24 15:27 . 2009-07-14 21:33 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2004-08-19 14:09 8440320 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 11852288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWelcome"="c:\program files\HP\HPCENTER.EXE" [1997-11-12 44032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-07-20 1106531]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-07-20 1848218]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-07-20 126976]
"DVDUpgrade"="DVDUpgrd.exe" - c:\windows\SYSTEM32\dvdupgrd.exe [2004-08-19 17920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SoundFusion"=RunDll32 cwcprops.cpl,CrystalControlWnd
"SMARTAlerts"=c:\program files\HP\SMART\SMARTAlerts.exe
"VsecomrEXE"=c:\program files\Network Associates\McAfee VirusScan\VSECOMR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acronis\\TrueImageEnterpriseServer\\TrueImage.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R3 G200;G200;c:\windows\SYSTEM32\DRIVERS\G200m.sys [14.07.2009 4:32 320512]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ACRSCH2SVC
*NewlyCreated* - TIFSFILTER
*Deregistered* - CSIScanner
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exeadvpack.dll
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\Rappel d'expiration de la désinstallation.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-07-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.topnet.tn/
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.topnet.tn/
TCP: {68E6C809-CDAD-431D-844D-B39916E0DEF7} = 192.168.1.254,192.168.1.255
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\dqtzhtpn.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 02:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
This is the report from another machine.
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-07-15 2:03
ComboFix-quarantined-files.txt 2009-07-15 00:03
Pre-Run: 4 493 746 176 octets libres
Post-Run: 4 748 746 752 octets libres
Microsoft Windows XP Professionnel 5.1.2600.2.1252.7.1036.18.191.83 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ch.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\start.exe
c:\windows\Web\default.htt
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 23:13 . 2009-07-14 23:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Vidalia
2009-07-14 22:01 . 2009-07-14 22:01 -------- d-----w- c:\program files\Vidalia Bundle
2009-07-14 21:34 . 2009-07-14 21:34 0 ----a-w- c:\windows\nsreg.dat
2009-07-14 21:34 . 2009-07-14 21:34 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero
2009-07-14 09:26 . 2009-07-14 09:26 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-07-14 09:26 . 2009-07-14 09:26 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-07-14 09:25 . 2009-07-14 09:25 99776 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-07-14 09:24 . 2009-07-14 09:24 -------- d-----w- c:\program files\Fichiers communs\Acronis
2009-07-14 09:24 . 2009-07-14 09:24 -------- d-----w- c:\program files\Acronis
2009-07-14 06:18 . 2004-08-03 21:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-14 05:37 . 2009-07-14 05:37 -------- d-----w- c:\program files\7-Zip
2009-07-14 04:58 . 2009-07-14 04:58 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Identities
2009-07-14 04:42 . 2002-08-30 12:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-07-14 04:42 . 2002-08-30 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-07-14 04:42 . 2002-08-30 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-14 04:42 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\agt0404.dll
2009-07-14 04:42 . 2002-08-30 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-07-14 04:42 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\agt0804.dll
2009-07-14 04:40 . 2002-08-30 12:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-07-14 04:23 . 2009-07-14 04:23 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-07-14 04:14 . 2009-07-14 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-14 04:11 . 2004-08-19 16:09 15872 ----a-w- c:\windows\system32\dllcache\msgrocm.dll
2009-07-14 04:10 . 2004-08-19 16:09 17408 ----a-w- c:\windows\system32\dllcache\ocmsn.dll
2009-07-14 04:10 . 2002-08-30 14:00 18176 ----a-w- c:\windows\system32\dllcache\vga64k.dll
2009-07-14 04:10 . 2002-08-30 14:00 51456 ----a-w- c:\windows\system32\dllcache\vga256.dll
2009-07-14 04:09 . 2002-08-30 14:00 57344 ----a-w- c:\windows\system32\dllcache\mfc42fra.dll
2009-07-14 04:09 . 2004-08-19 16:08 2986496 ----a-w- c:\windows\system32\dllcache\sprt040c.dll
2009-07-14 04:09 . 2004-08-19 16:09 34304 ----a-w- c:\windows\system32\dllcache\tabletoc.dll
2009-07-14 04:09 . 2004-08-19 16:09 16896 ----a-w- c:\windows\system32\dllcache\medctroc.dll
2009-07-14 04:06 . 2004-08-19 16:09 219648 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-07-14 04:05 . 2004-08-19 16:10 50688 ----a-w- c:\windows\system32\dllcache\smss.exe
2009-07-14 04:04 . 2004-08-19 16:08 24064 ----a-w- c:\windows\system32\dllcache\pidgen.dll
2009-07-14 04:03 . 2004-08-19 16:09 72192 ----a-w- c:\windows\system32\dllcache\msacm32.dll
2009-07-14 04:02 . 2004-08-19 16:09 278016 ----a-w- c:\windows\system32\dllcache\gdi32.dll
2009-07-14 04:02 . 2004-08-19 16:09 132608 ----a-w- c:\windows\system32\dllcache\fxsocm.dll
2009-07-14 04:02 . 2004-08-19 16:09 32828 ----a-w- c:\windows\system32\dllcache\fp40ext.dll
2009-07-14 04:02 . 2004-08-19 16:08 9344 ----a-w- c:\windows\system32\dllcache\framebuf.dll
2009-07-14 04:02 . 2004-08-19 16:09 55808 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-07-14 04:02 . 2004-08-19 16:09 1097728 ----a-w- c:\windows\system32\dllcache\esent.dll
2009-07-14 03:46 . 2002-08-30 12:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-07-14 03:46 . 2002-08-30 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-07-14 03:46 . 2004-08-19 14:09 53248 ----a-w- c:\windows\system32\dllcache\wamreg51.dll
2009-07-14 03:46 . 2002-08-30 12:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2009-07-14 03:46 . 2004-08-19 14:09 77824 ----a-w- c:\windows\system32\dllcache\wam51.dll
2009-07-14 03:46 . 2004-08-19 14:09 366592 ----a-w- c:\windows\system32\dllcache\w3svc.dll
2009-07-14 03:46 . 2002-08-30 12:00 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll
2009-07-14 03:46 . 2002-08-30 12:00 74240 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2009-07-14 03:46 . 2002-08-30 12:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2009-07-14 03:46 . 2002-08-30 12:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2009-07-14 03:44 . 2002-08-30 12:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-07-14 03:43 . 2004-08-19 14:09 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2009-07-14 03:42 . 2002-08-30 12:00 20992 ----a-w- c:\windows\system32\dllcache\permchk.dll
2009-07-14 03:42 . 2002-08-30 12:00 31744 ----a-w- c:\windows\system32\dllcache\pagecnt.dll
2009-07-14 03:42 . 2001-08-23 15:47 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-07-14 03:42 . 2004-08-19 14:09 45056 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2009-07-14 03:42 . 2002-08-30 12:00 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2009-07-14 03:42 . 2002-08-30 12:00 111104 ----a-w- c:\windows\system32\dllcache\mtstocom.exe
2009-07-14 03:42 . 2004-08-19 14:10 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2009-07-14 03:41 . 2004-08-19 14:09 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2009-07-14 03:41 . 2002-08-30 12:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2009-07-14 03:41 . 2002-08-30 12:00 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2009-07-14 03:41 . 2004-08-19 14:09 86016 ----a-w- c:\windows\system32\dllcache\metada51.dll
2009-07-14 03:41 . 2002-08-30 12:00 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2009-07-14 03:41 . 2004-08-19 14:09 37888 ----a-w- c:\windows\system32\dllcache\md5filt.dll
2009-07-14 03:41 . 2001-08-23 15:47 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-07-14 03:41 . 2004-08-19 14:09 19456 ----a-w- c:\windows\system32\dllcache\lprmon.dll
2009-07-14 03:41 . 2004-08-19 14:09 23040 ----a-w- c:\windows\system32\dllcache\lpdsvc.dll
2009-07-14 03:41 . 2004-08-19 14:09 13312 ----a-w- c:\windows\system32\dllcache\lonsint.dll
2009-07-14 03:41 . 2002-08-30 12:00 22016 ----a-w- c:\windows\system32\dllcache\logscrpt.dll
2009-07-14 03:41 . 2004-08-19 14:09 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-07-14 03:39 . 2002-08-30 12:00 5632 ----a-w- c:\windows\system32\dllcache\kbda1.dll
2009-07-14 03:39 . 2002-08-30 12:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2009-07-14 03:39 . 2002-08-30 12:00 9216 ----a-w- c:\windows\system32\dllcache\iwrps.dll
2009-07-14 03:39 . 2004-08-19 14:09 27648 ----a-w- c:\windows\system32\dllcache\iscomlog.dll
2009-07-14 03:39 . 2002-08-30 12:00 7168 ----a-w- c:\windows\system32\dllcache\isapips.dll
2009-07-14 03:39 . 2004-08-19 14:09 36864 ----a-w- c:\windows\system32\dllcache\iprip.dll
2009-07-14 03:39 . 2002-08-30 12:00 8704 ----a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-07-14 03:39 . 2004-08-19 14:09 257024 ----a-w- c:\windows\system32\dllcache\infocomm.dll
2009-07-14 03:39 . 2004-08-19 14:09 15872 ----a-w- c:\windows\system32\dllcache\inetin51.exe
2009-07-14 03:38 . 2002-08-30 12:00 6656 ----a-w- c:\windows\system32\dllcache\iissync.exe
2009-07-14 03:38 . 2002-08-30 12:00 3584 ----a-w- c:\windows\system32\dllcache\iismui.dll
2009-07-14 03:38 . 2004-08-19 14:09 79872 ----a-w- c:\windows\system32\dllcache\iislog51.dll
2009-07-14 03:38 . 2004-08-19 14:09 7168 ----a-w- c:\windows\system32\dllcache\iisfecnv.dll
2009-07-14 03:38 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\iiscrmap.dll
2009-07-14 03:38 . 2002-08-30 12:00 60928 ----a-w- c:\windows\system32\dllcache\iisclex4.dll
2009-07-14 03:38 . 2004-08-19 14:09 145408 ----a-w- c:\windows\system32\dllcache\iische51.dll
2009-07-14 03:38 . 2004-08-19 14:09 25088 ----a-w- c:\windows\system32\dllcache\iisadmin.dll
2009-07-14 03:38 . 2004-08-19 14:09 62464 ----a-w- c:\windows\system32\dllcache\httpod51.dll
2009-07-14 03:38 . 2004-08-19 14:09 8192 ----a-w- c:\windows\system32\dllcache\httpmb51.dll
2009-07-14 03:38 . 2004-08-19 14:09 268288 ----a-w- c:\windows\system32\dllcache\httpext.dll
2009-07-14 03:36 . 2004-08-19 14:09 6144 ----a-w- c:\windows\system32\dllcache\ftpmib.dll
2009-07-14 03:35 . 2002-08-30 12:00 19456 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2009-07-14 03:35 . 2002-08-30 12:00 20480 ----a-w- c:\windows\system32\dllcache\counters.dll
2009-07-14 03:35 . 2002-08-30 12:00 56832 ----a-w- c:\windows\system32\dllcache\convlog.exe
2009-07-14 03:35 . 2002-08-30 12:00 33792 ----a-w- c:\windows\system32\dllcache\controt.dll
2009-07-14 03:35 . 2004-08-19 14:09 24064 ----a-w- c:\windows\system32\dllcache\compfilt.dll
2009-07-14 03:35 . 2002-08-30 12:00 14848 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2009-07-14 03:35 . 2002-08-30 12:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe
2009-07-14 03:35 . 2002-08-30 12:00 13824 ----a-w- c:\windows\system32\dllcache\chglogon.exe
2009-07-14 03:35 . 2002-08-30 12:00 10240 ----a-w- c:\windows\system32\dllcache\change.exe
2009-07-14 03:35 . 2002-08-30 12:00 54528 ----a-w- c:\windows\system32\dllcache\cap7146.sys
2009-07-14 03:35 . 2002-08-30 12:00 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2009-07-14 03:31 . 2004-08-19 14:09 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-07-14 03:30 . 2003-03-24 13:52 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-07-14 03:30 . 2003-03-24 13:52 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2009-07-14 03:30 . 2003-03-24 13:52 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2009-07-14 03:30 . 2004-08-19 14:09 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-07-14 03:30 . 2004-08-19 14:09 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2009-07-14 03:30 . 2003-03-24 13:52 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2009-07-14 03:30 . 2003-03-24 13:52 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\windows\system32\xircom
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\program files\microsoft frontpage
2009-07-14 03:29 . 2009-07-14 03:29 6468 ----a-w- c:\windows\LnkStub.dat
2009-07-14 03:24 . 2009-07-14 03:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-07-14 03:20 . 2009-07-14 03:21 -------- d-sh--w- c:\documents and settings\All Users\DRM
2009-07-14 03:17 . 2004-08-19 14:10 226816 ----a-w- c:\windows\system32\dllcache\npdrmv2.dll
2009-07-14 03:15 . 2009-07-14 03:15 -------- d-----w- c:\windows\system32\wbem\AutoRecover
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 09:14 . 2009-07-14 03:21 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 03:52 . 2009-07-14 02:09 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 03:52 . 2009-07-14 02:09 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 03:27 . 2009-07-14 03:27 164352 ----a-w- c:\windows\system32\migicons.exe
2009-07-14 01:10 . 2009-07-14 01:10 -------- d-----w- c:\program files\Mediamatics
2009-07-14 01:08 . 2009-07-14 01:08 -------- d-----w- c:\program files\RZS
2009-07-14 01:08 . 2009-07-14 01:07 -------- d-----w- c:\program files\Network Associates
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\REAL
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\FRX
2009-07-14 00:58 . 1979-12-31 22:00 -------- d-----w- c:\program files\CHAT
1998-09-22 10:17 . 1998-09-22 10:17 11208 ---ha-w- c:\program files\folder.htt
2009-06-24 15:27 . 2009-07-14 21:33 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2004-08-19 14:09 8440320 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 11852288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWelcome"="c:\program files\HP\HPCENTER.EXE" [1997-11-12 44032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-07-20 1106531]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-07-20 1848218]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-07-20 126976]
"DVDUpgrade"="DVDUpgrd.exe" - c:\windows\SYSTEM32\dvdupgrd.exe [2004-08-19 17920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SoundFusion"=RunDll32 cwcprops.cpl,CrystalControlWnd
"SMARTAlerts"=c:\program files\HP\SMART\SMARTAlerts.exe
"VsecomrEXE"=c:\program files\Network Associates\McAfee VirusScan\VSECOMR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acronis\\TrueImageEnterpriseServer\\TrueImage.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R3 G200;G200;c:\windows\SYSTEM32\DRIVERS\G200m.sys [14.07.2009 4:32 320512]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ACRSCH2SVC
*NewlyCreated* - TIFSFILTER
*Deregistered* - CSIScanner
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exeadvpack.dll
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\Rappel d'expiration de la désinstallation.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-07-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.topnet.tn/
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.topnet.tn/
TCP: {68E6C809-CDAD-431D-844D-B39916E0DEF7} = 192.168.1.254,192.168.1.255
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\dqtzhtpn.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 02:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
This is the report from another machine.
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-07-15 2:03
ComboFix-quarantined-files.txt 2009-07-15 00:03
Pre-Run: 4 493 746 176 octets libres
Post-Run: 4 748 746 752 octets libres
###################### [ FindyKill V4.714 ]
# User : psc - PCS-163C083510C
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 2:49:49 le 15/07/2009
# Windows XP - Internet Explorer 6.0.2900.2180
# [ FindyKill V4.714 - Scan ] ##############
\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEADISRV.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////
################## [ C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\psc\Application Data ]
################## [ C:\DOCUME~1\psc\LOCALS~1\Temp ]
Found ! - C:\DOCUME~1\psc\LOCALS~1\Temp\RarSFX0\ckis\crack.lst
\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LightScribe Control Panel=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
AVP="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - # Type de démarrage = 3
Ip6Fw - # Type de démarrage = 3
SharedAccess - # Type de démarrage = 2
wuauserv - # Type de démarrage = 2
wscsvc - # Type de démarrage = 2
\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////
# Informations :
C: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur amovible
# presence des fichiers :
\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////
-> Not found !
################## [ ! Fin du rapport # FindyKill V4.714 ! ]
To tell the truth, I don't find this very funny, and the learning curve is steep! But I'm not giving up, as you can see, and I'm very glad to have found the discussion again.
Alas! Otomatik Ayar is still there...