Problème de vérus
owns
-
sherred Messages postés 8605 Statut Membre -
sherred Messages postés 8605 Statut Membre -
Bonjour,
ok je commence jai un vérus qui se présene comme un antiverus du no de onlyscan now et quand jouvre ma page explorer il aparet et men peche daccedé a u cite que je veut pire quand je réusi a allésur le cite il redemar mon ordit et j'ai 3 vérus comme sa il menvoi sur 3 cite qui veul scané mon pc l pire ses que mon antvir ne les trouve meme pas pourtant je suis avec avast ?????? jai 3 fichier qui me fatique
kernel32.dll C:\Documents and Settings\fs.VALUED-1725608B\Bureau\Dossier DLL du client API BASE Windows NT
winsock.dllC:\Documents and Settings\fs.VALUED-1725608B\Bureau\Dossier Windows Socket 16-Bit DLL
wsock32.dllC:\Documents and Settings\fs.VALUED-1725608B\Bureau\DossierDLL Socket 32-bits Windows
dans mon avast il ont en quarentaine comment faire pour les enlevé ou les restoré
et jai eu firefox un truck comme sa je ne le trouve plus mais je sis quil es la comment faire pour le retiré
merci
sa fait just 3 semaine que je me fait chier avec ce véru
merci bonne journée
ok je commence jai un vérus qui se présene comme un antiverus du no de onlyscan now et quand jouvre ma page explorer il aparet et men peche daccedé a u cite que je veut pire quand je réusi a allésur le cite il redemar mon ordit et j'ai 3 vérus comme sa il menvoi sur 3 cite qui veul scané mon pc l pire ses que mon antvir ne les trouve meme pas pourtant je suis avec avast ?????? jai 3 fichier qui me fatique
kernel32.dll C:\Documents and Settings\fs.VALUED-1725608B\Bureau\Dossier DLL du client API BASE Windows NT
winsock.dllC:\Documents and Settings\fs.VALUED-1725608B\Bureau\Dossier Windows Socket 16-Bit DLL
wsock32.dllC:\Documents and Settings\fs.VALUED-1725608B\Bureau\DossierDLL Socket 32-bits Windows
dans mon avast il ont en quarentaine comment faire pour les enlevé ou les restoré
et jai eu firefox un truck comme sa je ne le trouve plus mais je sis quil es la comment faire pour le retiré
merci
sa fait just 3 semaine que je me fait chier avec ce véru
merci bonne journée
10 réponses
il se présente sur 2 cite que explorer menvoie a chaque foi que jouvre une page net
www.onlinespywaresscan.net
www.yoteamo.net
leur fonction es de scané mon ordit en me disent que jai un vérus mais ses programe son des verus je suis pas capble de men débarassé il ralentisent mon ordi mon réseau tout koi et quand je vais sur des cite comme facebook il redemare mon ordit
www.onlinespywaresscan.net
www.yoteamo.net
leur fonction es de scané mon ordit en me disent que jai un vérus mais ses programe son des verus je suis pas capble de men débarassé il ralentisent mon ordi mon réseau tout koi et quand je vais sur des cite comme facebook il redemare mon ordit
bonjour
genre faux antivirus
télécharge hijackthis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
>> enregistre la cible sous .... "le bureau" renomme HJTInstall.exe en par exemple HJT.exe
>> Fais un double-clic sur "HJT.exe" afin de lancer l'installation
>> Clique sur Install ensuite sur "I Accept"
>> Clique sur" Do a scan system and save log file"
>> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
genre faux antivirus
télécharge hijackthis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
>> enregistre la cible sous .... "le bureau" renomme HJTInstall.exe en par exemple HJT.exe
>> Fais un double-clic sur "HJT.exe" afin de lancer l'installation
>> Clique sur Install ensuite sur "I Accept"
>> Clique sur" Do a scan system and save log file"
>> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
parce que un virus sa ce répare par avast icit au Québec quand un VIRUS ce regle pas on dit un osti de vérus hahaha
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:35, on 2009-07-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-ca?checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6B500135-FB5E-4AE7-8C69-CF7F87E0C85F} - C:\WINDOWS\system32\byXOfgGV.dll (disabled by BHODemon)
O2 - BHO: (no name) - {6D001B3B-89F5-446A-A0B5-BECB7146CFEF} - C:\WINDOWS\system32\ddcYsRIY.dll (disabled by BHODemon)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {835F2142-56CA-4557-88C2-63AE229260D1} - C:\WINDOWS\system32\uRLeFwTn.dll (disabled by BHODemon)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://my.yahoo.com/
O15 - Trusted Zone: https://apps.facebook.com/
O15 - Trusted Zone: https://www.facebook.com/
O15 - Trusted Zone: http://www.myyearbook.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://academiegsi.dyndns.org/Remote/msrdp.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpwsockx32.dll
O20 - Winlogon Notify: 89e18b3638 - C:\WINDOWS\System32\dpwsockx32.dll
O20 - Winlogon Notify: UpdateNf - C:\WINDOWS\SYSTEM32\updatenf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\SONY\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
Scan saved at 09:43:35, on 2009-07-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-ca?checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6B500135-FB5E-4AE7-8C69-CF7F87E0C85F} - C:\WINDOWS\system32\byXOfgGV.dll (disabled by BHODemon)
O2 - BHO: (no name) - {6D001B3B-89F5-446A-A0B5-BECB7146CFEF} - C:\WINDOWS\system32\ddcYsRIY.dll (disabled by BHODemon)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {835F2142-56CA-4557-88C2-63AE229260D1} - C:\WINDOWS\system32\uRLeFwTn.dll (disabled by BHODemon)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://my.yahoo.com/
O15 - Trusted Zone: https://apps.facebook.com/
O15 - Trusted Zone: https://www.facebook.com/
O15 - Trusted Zone: http://www.myyearbook.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://academiegsi.dyndns.org/Remote/msrdp.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpwsockx32.dll
O20 - Winlogon Notify: 89e18b3638 - C:\WINDOWS\System32\dpwsockx32.dll
O20 - Winlogon Notify: UpdateNf - C:\WINDOWS\SYSTEM32\updatenf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\SONY\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
Télécharge combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
clique combofix.exe.
touche 1 (Yes) pour démarrer le scan.
une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Combofix.txt
Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
arrete les anti virus et autres protection pendand l'analyse
Pendant la durée de l'analyse ne te sert pas de ton pc
une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
clique combofix.exe.
touche 1 (Yes) pour démarrer le scan.
une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Combofix.txt
Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
arrete les anti virus et autres protection pendand l'analyse
Pendant la durée de l'analyse ne te sert pas de ton pc
une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares
voila la scan combo
ComboFix 09-07-24.01 - fs 2009-07-26 8:58.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.168 [GMT -4:00]
Running from: c:\documents and settings\fs.VALUED-1725608B\Mes documents\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\FS3C15~1.VAL\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638C.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638O.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638P.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638S.manifest
c:\recycler\S-1-5-21-2052111302-492894223-1060284298-1003
c:\recycler\S-1-5-21-2076865808-469572492-669266626-1003
c:\recycler\S-1-5-21-2102811470-3951863041-738584231-1003
c:\recycler\S-1-5-21-3337443236-880388920-716867411-1003
c:\recycler\S-1-5-21-960008106-98124962-3282583846-1003
c:\recycler\S-1-5-21-967062579-3206767074-3036817193-1003
c:\windows\BM0bad2b80.txt
c:\windows\BM0bad2b80.xml
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\setup.exe
c:\windows\system32\{8087a927-7f3d-1980-4929-de34f3e02a73}.dll-uninst.exe
c:\windows\system32\09oOY.vbs
c:\windows\system32\4l59LGpRWVqKTPo.vbs
c:\windows\system32\AeafZe6O7MvECjF.vbs
c:\windows\system32\ahheynng.ini
c:\windows\system32\api.dat
c:\windows\system32\api32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\caumkvhk.ini
c:\windows\system32\cnaolaur.ini
c:\windows\system32\DPWSOCKX32.DLL
c:\windows\system32\eebamggv.ini
c:\windows\system32\GCj16P8.vbs
c:\windows\system32\gLtvqyroSbq9wGF.vbs
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\hneyoapv.ini
c:\windows\system32\hrwxcprh.ini
c:\windows\system32\hsntutjc.ini
c:\windows\system32\Izwa1LG2X0hER9j.vbs
c:\windows\system32\jStDJRqr.ini
c:\windows\system32\kpF2CCQ.vbs
c:\windows\system32\KyegH.vbs
c:\windows\system32\LjOTo.vbs
c:\windows\system32\mcrh.tmp
c:\windows\system32\msnav32.ax
c:\windows\system32\NE46fUj.vbs
c:\windows\system32\nTwFeLRu.ini
c:\windows\system32\nTwFeLRu.ini2
c:\windows\system32\pac.txt
c:\windows\system32\PRIxLe1vjdYww.vbs
c:\windows\system32\PxFXbWj.vbs
c:\windows\system32\pXSASUHi58hZ0.vbs
c:\windows\system32\uaeralfs.ini
c:\windows\system32\updatenf.dll
c:\windows\system32\uYhQr8Y.vbs
c:\windows\system32\VGgfOXyb.ini
c:\windows\system32\VGgfOXyb.ini2
c:\windows\system32\winpfz32.sys
c:\windows\system32\X44Fp.vbs
c:\windows\system32\xgAp0wO1BeQ0hr0.vbs
c:\windows\system32\xq8T3Gu8bBzSx.vbs
c:\windows\system32\ycakawyk.ini
c:\windows\system32\ycbb7YUNZPt9J.vbs
c:\windows\system32\YIRsYcdd.ini
c:\windows\system32\YIRsYcdd.ini2
c:\windows\system32\ZeeUfezQ85UBX1J.vbs
c:\windows\system32\zGPGC.vbs
c:\windows\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 01:13 . 2009-07-26 01:13 -------- dc----w- c:\program files\MGI
2009-07-26 00:03 . 2009-07-26 12:52 -------- d-sh--w- c:\windows\system32\SystemX86
2009-07-24 13:36 . 2009-07-24 13:36 -------- dc----w- c:\program files\Trend Micro
2009-07-23 18:11 . 2009-07-23 18:34 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-23 16:56 . 2009-07-23 16:56 -------- dc----w- c:\documents and settings\LocalService\Bureau
2009-07-23 12:25 . 2009-07-23 12:25 97792 ----a-w- c:\windows\system32\kbdatat4.dll
2009-07-23 12:25 . 2009-07-23 12:25 627712 ----a-w- c:\windows\system32\raidmg1.dll
2009-07-21 14:29 . 2009-07-21 14:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 14:28 . 2009-07-21 14:28 152576 -c--a-w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-20 15:52 . 2009-07-20 16:10 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Local Settings\Application Data\Panda Software
2009-07-20 15:49 . 2009-07-20 16:12 -------- dc----w- c:\program files\Fichiers communs\Panda Software
2009-07-16 17:22 . 2005-02-23 18:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-07-16 17:22 . 1995-08-01 08:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-07-16 17:22 . 2009-07-16 17:22 -------- dc----w- c:\program files\ArcSoft
2009-07-16 17:14 . 2009-07-16 17:21 -------- dc----w- c:\program files\Fichiers communs\InstallShield
2009-07-14 15:13 . 2009-04-29 04:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-14 15:13 . 2009-04-29 04:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-07-13 16:25 . 2009-07-13 16:25 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-11 12:10 . 2009-07-11 12:10 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\PrivacIE
2009-07-11 12:10 . 2009-07-11 12:10 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\IECompatCache
2009-07-11 11:47 . 2009-07-11 11:47 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\IETldCache
2009-07-10 16:00 . 2009-07-10 16:00 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-10 16:00 . 2009-07-14 15:21 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-09 18:46 . 2009-07-26 13:05 222650 ----a-w- c:\windows\system32\raidmg.dll
2009-07-09 18:46 . 2009-07-09 18:46 94720 ----a-w- c:\windows\system32\avwav3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 12:53 . 2008-08-10 11:53 -------- dc----w- c:\program files\Sun
2009-07-23 16:42 . 2004-06-01 21:38 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-07-23 16:42 . 2007-03-12 22:47 -------- dc----w- c:\program files\Fichiers communs\ArcSoft
2009-07-23 15:12 . 2004-06-02 00:19 2864 ----a-w- c:\windows\system32\winsock.dll
2009-07-21 14:28 . 2004-06-02 15:51 -------- d-----w- c:\program files\Java
2009-07-21 11:38 . 2004-06-02 15:48 -------- dc----w- c:\program files\Fichiers communs\Sony Shared
2009-07-20 15:53 . 2009-07-20 15:53 3042 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-20 15:53 . 2004-06-02 00:19 72272 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-20 15:53 . 2004-06-02 00:19 459920 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-16 18:38 . 2007-03-12 23:09 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\ArcSoft
2009-07-15 13:26 . 2008-12-12 16:26 -------- dc----w- c:\program files\Fichiers communs\AVSMedia
2009-07-15 12:43 . 2009-01-20 18:11 -------- dc----w- c:\program files\Incomplete
2009-07-13 16:22 . 2007-03-12 23:24 -------- d-----w- c:\program files\LimeWire
2009-07-09 19:00 . 2007-03-12 23:34 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\LimeWire
2009-07-09 18:45 . 2009-07-09 18:45 0 ----a-w- c:\windows\system32\17.tmp
2009-07-09 18:34 . 2007-02-24 02:45 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Sony Corporation
2009-06-23 16:08 . 2008-12-12 15:45 -------- dc----w- c:\program files\Windows Media Connect 2
2009-06-20 12:45 . 2007-05-26 18:18 -------- dc----w- c:\program files\InterActual
2009-06-16 14:40 . 2004-06-02 00:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-06-02 00:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:36 . 2008-05-07 00:52 -------- dc----w- c:\program files\Windows Live
2009-06-15 12:36 . 2007-09-01 11:03 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-15 12:34 . 2009-06-15 12:34 -------- dc----w- c:\program files\Microsoft Sync Framework
2009-06-15 12:25 . 2009-06-15 12:25 -------- dc----w- c:\program files\Microsoft
2009-06-15 12:24 . 2009-06-15 12:24 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-06-03 19:10 . 2005-08-30 14:26 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 13:17 . 2009-05-24 17:14 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Verbatim Software
2009-05-07 15:33 . 2004-06-02 00:18 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-06-23 18:28 827392 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-14 02:05 25216 16813155807C6881F4BFBF6657424659 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\drivers\kbdclass.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[7] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-24 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-28 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-7-16 270336]
[HKLM\~\startupfolder\C:^Documents and Settings^fs.VALUED-1725608B^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fs.VALUED-1725608B^Menu Démarrer^Programmes^Démarrage^Think-Adz.lnk]
path=c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\Démarrage\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SONY\\VAIO Media 2.5\\Vc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-12 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2004-06-01 14336]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [2007-10-01 2944]
S3 BrSerWDM;Pilote série Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-10-01 60416]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;c:\windows\system32\drivers\BrUsbMdm.sys [2007-10-01 11008]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [2007-10-01 10368]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;c:\windows\system32\drivers\el575ND5.sys [2007-06-19 69692]
S3 USBNET;Network Everywhere Wireless USB Adapter Driver;c:\windows\system32\drivers\netusb.sys [2007-02-24 72576]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6B500135-FB5E-4AE7-8C69-CF7F87E0C85F} - c:\windows\system32\byXOfgGV.dll__BHODemonDisabled
BHO-{6D001B3B-89F5-446A-A0B5-BECB7146CFEF} - c:\windows\system32\ddcYsRIY.dll__BHODemonDisabled
BHO-{835F2142-56CA-4557-88C2-63AE229260D1} - c:\windows\system32\uRLeFwTn.dll__BHODemonDisabled
Toolbar-SITEguard - (no file)
Toolbar-Locked - (no file)
HKLM-Run-EPSON Stylus Photo R320 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.msn.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: commentcamarche.net\www
Trusted Zone: facebook.com\apps
Trusted Zone: facebook.com\www
Trusted Zone: myyearbook.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 09:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-987244911-1716760179-638978679-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SONY\Photo Server\appsrv\PhotoAppSrv.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Media Platform\sv_httpd.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-26 9:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 13:20
Pre-Run: 26 638 835 712 octets libres
Post-Run: 27 836 006 400 octets libres
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
260 --- E O F --- 2009-07-18 13:23
ComboFix 09-07-24.01 - fs 2009-07-26 8:58.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.168 [GMT -4:00]
Running from: c:\documents and settings\fs.VALUED-1725608B\Mes documents\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\FS3C15~1.VAL\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638C.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638O.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638P.manifest
c:\documents and settings\fs.VALUED-1725608B\Application Data\02000000e317be2a638S.manifest
c:\recycler\S-1-5-21-2052111302-492894223-1060284298-1003
c:\recycler\S-1-5-21-2076865808-469572492-669266626-1003
c:\recycler\S-1-5-21-2102811470-3951863041-738584231-1003
c:\recycler\S-1-5-21-3337443236-880388920-716867411-1003
c:\recycler\S-1-5-21-960008106-98124962-3282583846-1003
c:\recycler\S-1-5-21-967062579-3206767074-3036817193-1003
c:\windows\BM0bad2b80.txt
c:\windows\BM0bad2b80.xml
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\setup.exe
c:\windows\system32\{8087a927-7f3d-1980-4929-de34f3e02a73}.dll-uninst.exe
c:\windows\system32\09oOY.vbs
c:\windows\system32\4l59LGpRWVqKTPo.vbs
c:\windows\system32\AeafZe6O7MvECjF.vbs
c:\windows\system32\ahheynng.ini
c:\windows\system32\api.dat
c:\windows\system32\api32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\caumkvhk.ini
c:\windows\system32\cnaolaur.ini
c:\windows\system32\DPWSOCKX32.DLL
c:\windows\system32\eebamggv.ini
c:\windows\system32\GCj16P8.vbs
c:\windows\system32\gLtvqyroSbq9wGF.vbs
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\hneyoapv.ini
c:\windows\system32\hrwxcprh.ini
c:\windows\system32\hsntutjc.ini
c:\windows\system32\Izwa1LG2X0hER9j.vbs
c:\windows\system32\jStDJRqr.ini
c:\windows\system32\kpF2CCQ.vbs
c:\windows\system32\KyegH.vbs
c:\windows\system32\LjOTo.vbs
c:\windows\system32\mcrh.tmp
c:\windows\system32\msnav32.ax
c:\windows\system32\NE46fUj.vbs
c:\windows\system32\nTwFeLRu.ini
c:\windows\system32\nTwFeLRu.ini2
c:\windows\system32\pac.txt
c:\windows\system32\PRIxLe1vjdYww.vbs
c:\windows\system32\PxFXbWj.vbs
c:\windows\system32\pXSASUHi58hZ0.vbs
c:\windows\system32\uaeralfs.ini
c:\windows\system32\updatenf.dll
c:\windows\system32\uYhQr8Y.vbs
c:\windows\system32\VGgfOXyb.ini
c:\windows\system32\VGgfOXyb.ini2
c:\windows\system32\winpfz32.sys
c:\windows\system32\X44Fp.vbs
c:\windows\system32\xgAp0wO1BeQ0hr0.vbs
c:\windows\system32\xq8T3Gu8bBzSx.vbs
c:\windows\system32\ycakawyk.ini
c:\windows\system32\ycbb7YUNZPt9J.vbs
c:\windows\system32\YIRsYcdd.ini
c:\windows\system32\YIRsYcdd.ini2
c:\windows\system32\ZeeUfezQ85UBX1J.vbs
c:\windows\system32\zGPGC.vbs
c:\windows\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 01:13 . 2009-07-26 01:13 -------- dc----w- c:\program files\MGI
2009-07-26 00:03 . 2009-07-26 12:52 -------- d-sh--w- c:\windows\system32\SystemX86
2009-07-24 13:36 . 2009-07-24 13:36 -------- dc----w- c:\program files\Trend Micro
2009-07-23 18:11 . 2009-07-23 18:34 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-23 16:56 . 2009-07-23 16:56 -------- dc----w- c:\documents and settings\LocalService\Bureau
2009-07-23 12:25 . 2009-07-23 12:25 97792 ----a-w- c:\windows\system32\kbdatat4.dll
2009-07-23 12:25 . 2009-07-23 12:25 627712 ----a-w- c:\windows\system32\raidmg1.dll
2009-07-21 14:29 . 2009-07-21 14:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 14:28 . 2009-07-21 14:28 152576 -c--a-w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-20 15:52 . 2009-07-20 16:10 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Local Settings\Application Data\Panda Software
2009-07-20 15:49 . 2009-07-20 16:12 -------- dc----w- c:\program files\Fichiers communs\Panda Software
2009-07-16 17:22 . 2005-02-23 18:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-07-16 17:22 . 1995-08-01 08:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-07-16 17:22 . 2009-07-16 17:22 -------- dc----w- c:\program files\ArcSoft
2009-07-16 17:14 . 2009-07-16 17:21 -------- dc----w- c:\program files\Fichiers communs\InstallShield
2009-07-14 15:13 . 2009-04-29 04:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-14 15:13 . 2009-04-29 04:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-07-13 16:25 . 2009-07-13 16:25 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-11 12:10 . 2009-07-11 12:10 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\PrivacIE
2009-07-11 12:10 . 2009-07-11 12:10 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\IECompatCache
2009-07-11 11:47 . 2009-07-11 11:47 -------- dcsh--w- c:\documents and settings\fs.VALUED-1725608B\IETldCache
2009-07-10 16:00 . 2009-07-10 16:00 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-10 16:00 . 2009-07-14 15:21 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-09 18:46 . 2009-07-26 13:05 222650 ----a-w- c:\windows\system32\raidmg.dll
2009-07-09 18:46 . 2009-07-09 18:46 94720 ----a-w- c:\windows\system32\avwav3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 12:53 . 2008-08-10 11:53 -------- dc----w- c:\program files\Sun
2009-07-23 16:42 . 2004-06-01 21:38 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-07-23 16:42 . 2007-03-12 22:47 -------- dc----w- c:\program files\Fichiers communs\ArcSoft
2009-07-23 15:12 . 2004-06-02 00:19 2864 ----a-w- c:\windows\system32\winsock.dll
2009-07-21 14:28 . 2004-06-02 15:51 -------- d-----w- c:\program files\Java
2009-07-21 11:38 . 2004-06-02 15:48 -------- dc----w- c:\program files\Fichiers communs\Sony Shared
2009-07-20 15:53 . 2009-07-20 15:53 3042 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-20 15:53 . 2004-06-02 00:19 72272 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-20 15:53 . 2004-06-02 00:19 459920 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-16 18:38 . 2007-03-12 23:09 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\ArcSoft
2009-07-15 13:26 . 2008-12-12 16:26 -------- dc----w- c:\program files\Fichiers communs\AVSMedia
2009-07-15 12:43 . 2009-01-20 18:11 -------- dc----w- c:\program files\Incomplete
2009-07-13 16:22 . 2007-03-12 23:24 -------- d-----w- c:\program files\LimeWire
2009-07-09 19:00 . 2007-03-12 23:34 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\LimeWire
2009-07-09 18:45 . 2009-07-09 18:45 0 ----a-w- c:\windows\system32\17.tmp
2009-07-09 18:34 . 2007-02-24 02:45 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Sony Corporation
2009-06-23 16:08 . 2008-12-12 15:45 -------- dc----w- c:\program files\Windows Media Connect 2
2009-06-20 12:45 . 2007-05-26 18:18 -------- dc----w- c:\program files\InterActual
2009-06-16 14:40 . 2004-06-02 00:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-06-02 00:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:36 . 2008-05-07 00:52 -------- dc----w- c:\program files\Windows Live
2009-06-15 12:36 . 2007-09-01 11:03 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-15 12:34 . 2009-06-15 12:34 -------- dc----w- c:\program files\Microsoft Sync Framework
2009-06-15 12:25 . 2009-06-15 12:25 -------- dc----w- c:\program files\Microsoft
2009-06-15 12:24 . 2009-06-15 12:24 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-06-03 19:10 . 2005-08-30 14:26 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 13:17 . 2009-05-24 17:14 -------- dc----w- c:\documents and settings\fs.VALUED-1725608B\Application Data\Verbatim Software
2009-05-07 15:33 . 2004-06-02 00:18 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-06-23 18:28 827392 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-14 02:05 25216 16813155807C6881F4BFBF6657424659 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\drivers\kbdclass.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[7] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-24 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-28 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-7-16 270336]
[HKLM\~\startupfolder\C:^Documents and Settings^fs.VALUED-1725608B^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fs.VALUED-1725608B^Menu Démarrer^Programmes^Démarrage^Think-Adz.lnk]
path=c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\Démarrage\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SONY\\VAIO Media 2.5\\Vc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-12 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2004-06-01 14336]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [2007-10-01 2944]
S3 BrSerWDM;Pilote série Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-10-01 60416]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;c:\windows\system32\drivers\BrUsbMdm.sys [2007-10-01 11008]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [2007-10-01 10368]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;c:\windows\system32\drivers\el575ND5.sys [2007-06-19 69692]
S3 USBNET;Network Everywhere Wireless USB Adapter Driver;c:\windows\system32\drivers\netusb.sys [2007-02-24 72576]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6B500135-FB5E-4AE7-8C69-CF7F87E0C85F} - c:\windows\system32\byXOfgGV.dll__BHODemonDisabled
BHO-{6D001B3B-89F5-446A-A0B5-BECB7146CFEF} - c:\windows\system32\ddcYsRIY.dll__BHODemonDisabled
BHO-{835F2142-56CA-4557-88C2-63AE229260D1} - c:\windows\system32\uRLeFwTn.dll__BHODemonDisabled
Toolbar-SITEguard - (no file)
Toolbar-Locked - (no file)
HKLM-Run-EPSON Stylus Photo R320 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.msn.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\fs.VALUED-1725608B\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: commentcamarche.net\www
Trusted Zone: facebook.com\apps
Trusted Zone: facebook.com\www
Trusted Zone: myyearbook.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 09:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-987244911-1716760179-638978679-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SONY\Photo Server\appsrv\PhotoAppSrv.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Media Platform\sv_httpd.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-26 9:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 13:20
Pre-Run: 26 638 835 712 octets libres
Post-Run: 27 836 006 400 octets libres
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
260 --- E O F --- 2009-07-18 13:23
télécharge Malwarebyte's ici http://www.malwarebytes.org/mbam/program/mbam-setup.exe
le programme va se mettre automatiquement a jour.
S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
https://www.malekal.com/tutorial-aboutbuster/
Une fois a jour, le programme va se lancer; click sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des éléments on été trouvés > click sur supprimer la sélection.
si il t´es demandé de redémarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
le programme va se mettre automatiquement a jour.
S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
https://www.malekal.com/tutorial-aboutbuster/
Une fois a jour, le programme va se lancer; click sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des éléments on été trouvés > click sur supprimer la sélection.
si il t´es demandé de redémarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
