Rapport hijackthis... infecté ou pas ?????

merci de m'aider voila le rapport

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 17:58:01
Windows 6.0.6002 Service Pack 2

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxwadrylyg.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\\?\globalroot\systemroot\system32\drivers\msqpdxwadrylyg.sys"
"msqpdxl"="\\?\globalroot\systemroot\system32\msqpdxwikuhbrp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:dd,05,1d,9d,8b,99,eb,8a,99,41,c6,e9,e2,71,a8,73,25,df,03,44,8a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9b,0b,bc,ec,ab,ab,c8,74,24,ca,dc,24,e3,97,53,a9,e5,b8,6f,c5,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b6,5d,6e,65,76,8c,b1,de,0e,0f,1b,b8,94,9b,21,a9,2a,31,4a,90,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxwadrylyg.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\\?\globalroot\systemroot\system32\drivers\msqpdxwadrylyg.sys"
"msqpdxl"="\\?\globalroot\systemroot\system32\msqpdxwikuhbrp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:dd,05,1d,9d,8b,99,eb,8a,99,41,c6,e9,e2,71,a8,73,25,df,03,44,8a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9b,0b,bc

désolé je suis un peu perdu la ^^ on peut reprendre du début stp et si tu pouvais être plus précis stp ....en plus je peu plus me connecté a msn :(

alors a la fin de genproc il n'y a pas de rapport qui s'ouvre tout seul on me demande si je me fais aider sur un forum ou si je veux le faire tout seul...... j'espère que c'est le bon.....

Rapport GenProc 2.613 [4] - 2009-08-10 à 18:51:28
@ Windows Vista Service Pack 2 - Mode normal
@ Mozilla Firefox (3.0.13) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport NanoScan https://www.micro-astuce.com/securite/NanoScan-Panda.php





~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:27, on 2009-08-10
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\Pixart\Pac207\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cmd.exe
C:\Genproc\outil\TELMA_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\Windows\system32\msjava32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: Ma-Config Service (maconfservice) - - (no file)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

heu combofix ne peut pas se lancer a cause de avg antispyware et de comodo safe surf et je sais pas comment les désactivé ... en plus je savais même pas que avg était encore la ^^ .... comment faire pour le désinstallé stp merci

désolé de faire le boulet.... pour comodo j'ai trouvé mais aucune trace d'AVG antispyware ... as tu une solution pour le désinstallé complètement stp merci

voilà désolé ca ete long mon pc rame en mode sans echec .... c'est normal? et je peu plus allé sur msn depuis mon raccourci sur le bureau d'ou vient le soucis ?!??


ComboFix 09-08-09.04 - TELMA 2009-08-10 19:43.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.1.1036.18.1918.1515 [GMT 2:00]
Running from: c:\users\TELMA\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msqpdxserv.sys
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 17:20 . 2009-08-10 17:21 -------- d-----w- c:\program files\jv16 PowerTools
2009-08-10 16:31 . 2009-08-10 16:31 -------- d-----w- c:\program files\Panda Security
2009-08-10 16:18 . 2008-06-05 16:18 5737 ----a-w- c:\users\TELMA\AppData\Local\gnc.exe
2009-08-10 16:17 . 2008-06-05 16:18 5737 ----a-w- c:\users\Mcx1\AppData\Local\gnc.exe
2009-08-10 16:15 . 2009-08-10 16:18 -------- d-----w- c:\program files\Navilog1
2009-08-10 15:50 . 2009-08-10 15:50 -------- d-----w- C:\UAC
2009-08-10 15:49 . 2009-08-10 16:27 -------- d-----w- C:\Genproc
2009-08-10 14:06 . 2009-08-10 14:06 -------- d-----w- c:\users\TELMA\AppData\Roaming\gtk-2.0
2009-08-10 14:06 . 2009-08-10 14:06 -------- d-----w- c:\users\TELMA\.thumbnails
2009-08-10 14:04 . 2009-08-10 14:07 -------- d-----w- c:\users\TELMA\.gimp-2.6
2009-08-10 14:04 . 2009-08-10 14:04 -------- d-----w- c:\users\TELMA\.gegl-0.0
2009-08-10 14:03 . 2009-08-10 14:03 -------- d-----w- c:\program files\GIMP-2.0
2009-08-10 13:53 . 2009-08-10 13:53 -------- d-----w- c:\users\TELMA\AppData\Roaming\KC Softwares
2009-08-10 13:52 . 2009-08-10 13:52 -------- d-----w- c:\program files\KC Softwares
2009-08-08 21:12 . 2009-08-08 21:14 304160 ----a-w- C:\PA207.DAT
2009-08-08 18:29 . 2009-08-08 18:29 -------- d-----w- c:\windows\Webcam1200
2009-08-08 18:29 . 2007-06-29 14:32 611584 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2009-08-08 18:29 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070629.dll
2009-08-08 18:29 . 2009-08-08 18:29 -------- d-----w- c:\program files\Webcam 1200
2009-08-08 18:29 . 2001-11-05 08:50 69632 ----a-w- c:\windows\AMCap.exe
2009-07-25 15:44 . 2009-07-25 15:44 -------- d-----w- c:\program files\FpTest
2009-07-24 15:38 . 2009-07-24 15:38 -------- d-----w- c:\users\TELMA\AppData\Local\DesktopSearch
2009-07-22 17:55 . 2009-07-25 14:44 -------- d-----w- c:\program files\AVS4YOU
2009-07-22 17:11 . 2009-07-22 17:11 -------- d-----w- c:\users\Mcx1.PC-de-TELMA\AppData\Local\VirtualStore
2009-07-22 17:04 . 2009-07-22 17:04 -------- d-----w- c:\users\Mcx1\AppData\Local\VirtualStore
2009-07-15 11:53 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:53 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 11:53 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:53 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:53 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\ca-ES
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\eu-ES
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\vi-VN
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\EventProviders
2009-07-14 20:56 . 2009-04-11 06:28 476672 ----a-w- c:\windows\system32\secproc_isv.dll
2009-07-14 20:54 . 2009-04-11 06:28 223232 ----a-w- c:\windows\system32\mswsock.dll
2009-07-14 20:53 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\wshbth.dll
2009-07-14 20:52 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-14 20:52 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-14 20:52 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-14 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-14 20:52 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-14 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-14 20:52 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-14 20:52 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-14 20:52 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-14 20:52 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-14 20:52 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-14 18:54 . 2009-07-14 18:54 -------- d-----w- c:\users\TELMA\AppData\Local\Blizzard Entertainment
2009-07-14 13:00 . 2009-07-14 13:34 -------- d-----w- c:\program files\RegCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 15:52 . 2008-05-16 15:39 -------- d-----w- c:\progra~2\NVIDIA
2009-08-10 15:36 . 2008-11-01 23:17 -------- d-----w- c:\progra~2\Google Updater
2009-08-09 12:43 . 2008-11-28 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 18:29 . 2008-05-16 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:52 . 2008-10-03 12:42 -------- d-----w- c:\users\TELMA\AppData\Roaming\uTorrent
2009-08-07 18:31 . 2008-11-01 23:29 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-06 13:05 . 2008-05-17 01:19 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-06 13:05 . 2008-05-17 01:19 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 11:36 . 2008-11-28 15:01 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-11-28 15:01 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 13:17 . 2008-10-22 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 20:54 . 2009-03-08 22:57 -------- d-----w- c:\users\TELMA\AppData\Roaming\dvdcss
2009-07-25 14:44 . 2008-10-10 14:21 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-22 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 21:52 . 2009-07-29 12:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-15 00:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-15 00:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-15 00:03 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 18:38 . 2009-07-05 09:52 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 19:05 . 2008-08-22 21:00 -------- d-----w- c:\program files\Free Easy Burner
2009-07-11 13:38 . 2009-03-31 16:51 -------- d-----w- c:\program files\Codemonster
2009-07-07 22:00 . 2009-07-07 22:00 -------- d-----w- c:\progra~2\Blizzard
2009-07-07 21:59 . 2009-05-07 19:41 -------- d-----w- c:\users\TELMA\AppData\Roaming\DNA
2009-07-06 18:35 . 2009-07-06 16:39 -------- d-----w- c:\program files\SEGA
2009-07-05 10:24 . 2009-07-05 10:15 -------- d-----w- c:\progra~2\Electronic Arts
2009-07-05 10:08 . 2009-07-05 10:08 10134 ----a-r- c:\users\TELMA\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-05 10:08 . 2009-07-05 10:08 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\progra~2\Trymedia
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\progra~2\InstallShield
2009-07-03 13:21 . 2008-05-16 15:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-03 05:55 . 2008-08-21 17:34 73712 ----a-w- c:\users\TELMA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-02 16:45 . 2009-01-09 15:59 -------- d-----w- c:\program files\MagicISO
2009-07-02 16:41 . 2009-04-10 20:41 -------- d-----w- c:\progra~2\Skype
2009-07-02 15:51 . 2009-07-02 15:16 -------- d-----w- c:\users\TELMA\AppData\Roaming\Hide IP NG
2009-07-01 12:47 . 2009-04-10 20:49 -------- d-----w- c:\users\TELMA\AppData\Roaming\Any DVD Converter Professional
2009-06-26 17:57 . 2009-02-24 14:46 -------- d-----w- c:\program files\RomStation
2009-06-26 17:51 . 2008-12-05 19:20 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-26 17:45 . 2008-10-14 15:52 -------- d-----w- c:\program files\Project64 1.6
2009-06-14 12:10 . 2008-12-05 19:24 1 ----a-w- c:\users\TELMA\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:12 . 2009-05-17 14:34 90 ----a-w- c:\users\TELMA\AppData\Local\qguqqsg.bat
2009-05-23 22:03 . 2008-12-27 21:19 0 ----a-r- c:\users\TELMA\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2008-10-10 14:16 . 2008-10-10 14:16 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-11-20 03:41 . 2008-11-19 21:05 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-11-20 03:41 . 2008-11-19 21:05 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-12-02 00:47 . 2008-12-02 00:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
2009-02-13 08:49 362496 ----a-w- c:\windows\System32\msjava32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-11-05 278264]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-03-14 70912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^TELMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^TELMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorFX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9f,32,e0,83,e2,04,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D7C953F2-63A5-4E89-B4C4-45B7A2980D86}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{30760DEF-1120-4D52-9D6F-C7C933B82B9D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{7C0CE1B8-5BBC-497B-84F6-C8AB78CB23CC}"= UDP:49100:u
"TCP Query User{74A40F4A-3CF2-4FCD-A437-37E21BA0017E}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{7960A54B-E7B4-49AE-8461-02EEC588CFD7}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{874B6DA6-E124-491E-91AA-A2BD08C54A5F}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= UDP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"UDP Query User{4B59C7C5-02A5-4C51-BF11-377FF9841E46}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= TCP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"TCP Query User{6FD7212D-6A8D-48C6-A10F-F3CB79F8D21D}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= UDP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"UDP Query User{C223859A-7386-42DE-B59F-64C119960833}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= TCP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"TCP Query User{D90F31D2-96AE-4A32-8F17-B65BCE6FA21A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{690643A6-9BE2-40EF-8075-229F70185089}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{534104AD-1561-4933-AB8D-C89248A6F91F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D55DFD84-31C3-4604-8740-359237AB7944}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{8A821C83-C497-4FD3-ABB4-700CD98849F8}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{669E992D-16EC-4981-BF53-7751C2FF6779}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{30FBB6ED-EB6A-4983-B1A3-4F50F0EA82C8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{968589F0-57EB-4CE7-8B3F-E55B04308D8D}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{AD048762-CA78-49E6-BD92-6D2EAE60527A}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{E30380F6-4E97-4C06-99F3-09492E30A8E1}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"TCP Query User{C15CCFF5-48D9-4ED2-9738-DFA1D5AF1E3C}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{A9B6B73A-B6CC-43E2-A88F-DBC30CE763C3}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"TCP Query User{45D42AA8-3FBF-4478-A4EA-A2DF033CD8EC}c:\\program files\\shiny\\sacrifice\\sacpro.exe"= UDP:c:\program files\shiny\sacrifice\sacpro.exe:SacPro
"UDP Query User{2AF2443D-E197-41FF-B802-8E900A07D885}c:\\program files\\shiny\\sacrifice\\sacpro.exe"= TCP:c:\program files\shiny\sacrifice\sacpro.exe:SacPro
"TCP Query User{502EDDB5-504E-4996-AF24-4E8732E4C8E2}c:\\program files\\shiny\\sacrifice\\sacrifice.exe"= UDP:c:\program files\shiny\sacrifice\sacrifice.exe:Sacrifice
"UDP Query User{05F81861-0B04-4757-84E8-1CCDCF58D0DB}c:\\program files\\shiny\\sacrifice\\sacrifice.exe"= TCP:c:\program files\shiny\sacrifice\sacrifice.exe:Sacrifice
"TCP Query User{1400E10D-5D72-4A98-B892-8E59D364B6CB}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{0F762C67-FBDC-41CB-826C-4F89B1CE7CDE}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{FE358835-AD9E-4446-8EB0-685816A776D8}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{BC7EB23A-B0A1-4775-ADC0-A48C9F61D54A}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-11-19 28544]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-04-09 107256]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [2008-11-02 160792]
R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-04-09 93312]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2009-03-21 47640]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
S3 maconfservice;Ma-Config Service; [x]
S3 PAC207;Webcam 1200;c:\windows\System32\drivers\PFC027.SYS [2009-08-08 611584]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-10-03 28224]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-03-26 21280]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
mStart Page =
mWindow Title =
uInternet Settings,ProxyServer = socks=
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\users\TELMA\AppData\Roaming\Mozilla\Firefox\Profiles\yosvncdo.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\TELMA\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 19:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E19EECAE-545B-0B41-7528-B69FBB0391C9}*]
"bbhceiggjbangkbepadgkanlljbmdibfjdjn"=hex:61,61,00,00
"abhceiggjbangkbepaagbccocikcejebcm"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,24,e1,d7,fe,84,e0,86,6b,c2,ba,c4,20,64,e9,c3,a3,e7,df,f5,dc,fe,9a,
4e,68,1f,66,f6,f1,12,13,3a,00,dd,41,17,d5,69,d4,28,a8,c4,89,13,ec,5a,d0,15,\
"??"=hex:31,56,eb,d2,19,7e,11,c6,4e,ec,dc,5c,dc,8c,5d,fa

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,31,4d,c7,41,98,36,e8,36,cc,db,ce,8e,2b,09,2a,10,6e,13,3c,05,
ed,2d,45,00,eb,3e,23,c6,e6,11,79,8c,8a,d0,3a,3c,e4,b0,ff,33,fe,0e,d3,99,29,\
"rkeysecu"=hex:07,bf,1b,6d,7a,b6,86,7e,8d,e7,f8,5b,9c,0e,cb,47
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\System32\cssdll32.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\System32\cssdll32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxbccoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Completion time: 2009-08-10 20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 18:02

Pre-Run: 36,641,648,640 octets libres
Post-Run: 36,263,682,048 octets libres

290 --- E O F --- 2009-08-07 08:33

et maintenant stp ?

allo allo tu me laisse tombé ou quoi?

Fichier msjava32.dll reçu le 2009.08.10 19:04:48 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/41 (12.2%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 2.
L'heure estimée de démarrage est entre 52 et 75 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.10 -
AhnLab-V3 5.0.0.2 2009.08.10 -
AntiVir 7.9.0.248 2009.08.10 HEUR/Malware
Antiy-AVL 2.0.3.7 2009.08.10 -
Authentium 5.1.2.4 2009.08.09 -
Avast 4.8.1335.0 2009.08.10 -
AVG 8.5.0.406 2009.08.10 -
BitDefender 7.2 2009.08.10 -
CAT-QuickHeal 10.00 2009.08.10 -
ClamAV 0.94.1 2009.08.10 -
Comodo 1935 2009.08.10 -
DrWeb 5.0.0.12182 2009.08.10 -
eSafe 7.0.17.0 2009.08.10 Suspicious File
eTrust-Vet 31.6.6670 2009.08.10 -
F-Prot 4.4.4.56 2009.08.09 -
F-Secure 8.0.14470.0 2009.08.10 -
Fortinet 3.120.0.0 2009.08.10 -
GData 19 2009.08.10 -
Ikarus T3.1.1.64.0 2009.08.10 -
Jiangmin 11.0.800 2009.08.10 -
K7AntiVirus 7.10.815 2009.08.10 -
Kaspersky 7.0.0.125 2009.08.10 -
McAfee 5705 2009.08.10 -
McAfee+Artemis 5705 2009.08.10 Suspect-29!7BA4CEEA64CB
McAfee-GW-Edition 6.8.5 2009.08.10 Heuristic.Malware
Microsoft 1.4903 2009.08.10 -
NOD32 4323 2009.08.10 -
Norman 6.01.09 2009.08.10 -
nProtect 2009.1.8.0 2009.08.10 -
Panda 10.0.0.14 2009.08.10 -
PCTools 4.4.2.0 2009.08.10 -
Prevx 3.0 2009.08.10 -
Rising 21.42.04.00 2009.08.10 -
Sophos 4.44.0 2009.08.10 Sus/Spy-B
Sunbelt 3.2.1858.2 2009.08.10 -
Symantec 1.4.4.12 2009.08.10 -
TheHacker 6.3.4.3.379 2009.08.10 -
TrendMicro 8.950.0.1094 2009.08.10 -
VBA32 3.12.10.9 2009.08.10 -
ViRobot 2009.8.10.1877 2009.08.10 -
VirusBuster 4.6.5.0 2009.08.10 -
Information additionnelle
File size: 362496 bytes
MD5...: 7ba4ceea64cb5975a1fcc0820d668b82
SHA1..: f60ff8efe41661482c8d69401e6500d17b8d4c2e
SHA256: f45e7a2544140214c1e95ee23ed4b32b9403c22b11b515391b977f2508cfd451
ssdeep: 6144:3rWLJV2QrezDf4jdBEPHQhMff2utw8HH29OHLILe+peXn3Hr3o2M:3GD2Qr
HTQHkzU0aoens2M
PEiD..: -
TrID..: File type identification
Win32 EXE Yoda's Crypter (56.9%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x82ad0
timedatestamp.....: 0x49775309 (Wed Jan 21 16:53:29 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x2e000 0x55000 0x54e00 7.83 88d254afc4e1e16f0960482546415b34
.rsrc 0x83000 0x4000 0x3600 5.33 81f728ea17452952c1e97f9c240c1b61

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: GetDeviceCaps
> ole32.dll: CoTaskMemFree
> OLEAUT32.dll: -
> SHELL32.dll: SHGetFileInfoA
> SHLWAPI.dll: StrStrIA
> USER32.dll: GetDC
> WININET.dll: InternetOpenA

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX



Fichier cssdll32.dll reçu le 2009.05.24 20:41:47 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.24 -
AhnLab-V3 5.0.0.2 2009.05.24 -
AntiVir 7.9.0.168 2009.05.24 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.24 -
Avast 4.8.1335.0 2009.05.24 -
AVG 8.5.0.339 2009.05.24 -
BitDefender 7.2 2009.05.24 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.24 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.24 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.24 -
F-Secure 8.0.14470.0 2009.05.24 -
Fortinet 3.117.0.0 2009.05.24 -
GData 19 2009.05.24 -
Ikarus T3.1.1.49.0 2009.05.24 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.24 -
McAfee 5625 2009.05.24 -
McAfee+Artemis 5625 2009.05.24 -
McAfee-GW-Edition 6.7.6 2009.05.24 -
Microsoft 1.4701 2009.05.24 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.24 -
Panda 10.0.0.14 2009.05.24 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.24 -
Rising 21.30.62.00 2009.05.24 -
Sophos 4.42.0 2009.05.24 -
Sunbelt 3.2.1858.2 2009.05.24 -
Symantec 1.4.4.12 2009.05.24 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.23 -
VBA32 3.12.10.5 2009.05.24 -
ViRobot 2009.5.23.1749 2009.05.23 -
VirusBuster 4.6.5.0 2009.05.24 -
Information additionnelle
File size: 249592 bytes
MD5 : 19699febe71ed8919d9a3169a107265a
SHA1 : e7fa62051b4299c294a65d16bc29a1f604d6b0b9
SHA256: 55bb3124fbea8a6a3363e4028d1b05b52a5b1346df983e8d2c4dcd4577e5fabb
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x290C
timedatestamp.....: 0x483ED63F (Thu May 29 18:13:51 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9C37 0xA000 6.53 181fac4c1bc3ba7bb9de89409d41a26b
.rdata 0xB000 0x3FF4 0x4000 5.43 37b2a910ea59f40b855cc69494508707
.data 0xF000 0x1CDC 0x1000 2.28 709418b1cf5d0a3c7389200f8e8d3df6
.rsrc 0x11000 0x29454 0x2A000 7.08 c630efd593c3248935f388cba840322e
.reloc 0x3B000 0x1EC0 0x2000 4.77 2227d2617cfad5a5655acf5aff9cc2cd

( 0 imports )


( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=19699febe71ed8919d9a3169a107265a
ssdeep: 3072:SgcgCrw4xQ7sgWOeiCx3tQqAJMVeAk77AG1vP7c+LZGk5kF4OqXF40Mi0LgjgGsI:rtCrw4wbJMHknA471Gk581h7o1
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set

heu quand combofix a terminé spybot search and destroy ma demander d'autorisé des modif dans le registre je dois les autorisé ou non stp ?

ha le problème est que comme je savais pas je les ai pas autorisé ... comment je fais pour rattrapé ca stp je suis désolé je savais pas

désolé je savais pas ^^

ComboFix 09-08-09.04 - TELMA 2009-08-10 22:00.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.1.1036.18.1918.1092 [GMT 2:00]
Running from: c:\users\TELMA\Desktop\ComboFix.exe
Command switches used :: c:\users\TELMA\Desktop\CFScript .txt
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\windows\System32\msjava32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\Software Licensors
c:\users\TELMA\AppData\Roaming\.#
c:\windows\99629.exe
c:\windows\Installer\311d1e.msi
c:\windows\system32\1.txt
c:\windows\system32\IEDFix.C.exe
c:\windows\System32\msjava32.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\TELMA\AppData\Local\temp
2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\Mcx1.PC-de-TELMA\AppData\Local\temp
2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2009-08-10 20:10 . 2009-08-10 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 17:20 . 2009-08-10 17:21 -------- d-----w- c:\program files\jv16 PowerTools
2009-08-10 16:31 . 2009-08-10 16:31 -------- d-----w- c:\program files\Panda Security
2009-08-10 16:18 . 2008-06-05 16:18 5737 ----a-w- c:\users\TELMA\AppData\Local\gnc.exe
2009-08-10 16:17 . 2008-06-05 16:18 5737 ----a-w- c:\users\Mcx1\AppData\Local\gnc.exe
2009-08-10 16:15 . 2009-08-10 16:18 -------- d-----w- c:\program files\Navilog1
2009-08-10 15:50 . 2009-08-10 15:50 -------- d-----w- C:\UAC
2009-08-10 15:49 . 2009-08-10 16:27 -------- d-----w- C:\Genproc
2009-08-10 14:06 . 2009-08-10 14:06 -------- d-----w- c:\users\TELMA\AppData\Roaming\gtk-2.0
2009-08-10 14:06 . 2009-08-10 14:06 -------- d-----w- c:\users\TELMA\.thumbnails
2009-08-10 14:04 . 2009-08-10 14:07 -------- d-----w- c:\users\TELMA\.gimp-2.6
2009-08-10 14:04 . 2009-08-10 14:04 -------- d-----w- c:\users\TELMA\.gegl-0.0
2009-08-10 14:03 . 2009-08-10 14:03 -------- d-----w- c:\program files\GIMP-2.0
2009-08-10 13:53 . 2009-08-10 13:53 -------- d-----w- c:\users\TELMA\AppData\Roaming\KC Softwares
2009-08-10 13:52 . 2009-08-10 13:52 -------- d-----w- c:\program files\KC Softwares
2009-08-08 21:12 . 2009-08-08 21:14 304160 ----a-w- C:\PA207.DAT
2009-08-08 18:29 . 2009-08-08 18:29 -------- d-----w- c:\windows\Webcam1200
2009-08-08 18:29 . 2007-06-29 14:32 611584 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2009-08-08 18:29 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070629.dll
2009-08-08 18:29 . 2009-08-08 18:29 -------- d-----w- c:\program files\Webcam 1200
2009-08-08 18:29 . 2001-11-05 08:50 69632 ----a-w- c:\windows\AMCap.exe
2009-07-25 15:44 . 2009-07-25 15:44 -------- d-----w- c:\program files\FpTest
2009-07-24 15:38 . 2009-07-24 15:38 -------- d-----w- c:\users\TELMA\AppData\Local\DesktopSearch
2009-07-22 17:55 . 2009-07-25 14:44 -------- d-----w- c:\program files\AVS4YOU
2009-07-22 17:11 . 2009-07-22 17:11 -------- d-----w- c:\users\Mcx1.PC-de-TELMA\AppData\Local\VirtualStore
2009-07-22 17:04 . 2009-07-22 17:04 -------- d-----w- c:\users\Mcx1\AppData\Local\VirtualStore
2009-07-15 11:53 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:53 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 11:53 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:53 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:53 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\ca-ES
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\eu-ES
2009-07-15 00:15 . 2009-07-15 00:16 -------- d-----w- c:\windows\system32\vi-VN
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\EventProviders
2009-07-14 20:56 . 2009-04-11 06:28 476672 ----a-w- c:\windows\system32\secproc_isv.dll
2009-07-14 20:54 . 2009-04-11 06:28 223232 ----a-w- c:\windows\system32\mswsock.dll
2009-07-14 20:53 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\wshbth.dll
2009-07-14 20:52 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-14 20:52 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-14 20:52 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-14 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-14 20:52 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-14 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-14 20:52 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-14 20:52 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-14 20:52 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-14 20:52 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-14 20:52 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-14 18:54 . 2009-07-14 18:54 -------- d-----w- c:\users\TELMA\AppData\Local\Blizzard Entertainment
2009-07-14 13:00 . 2009-07-14 13:34 -------- d-----w- c:\program files\RegCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:03 . 2008-11-01 23:29 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-10 15:52 . 2008-05-16 15:39 -------- d-----w- c:\progra~2\NVIDIA
2009-08-10 15:36 . 2008-11-01 23:17 -------- d-----w- c:\progra~2\Google Updater
2009-08-09 12:43 . 2008-11-28 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 18:29 . 2008-05-16 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:52 . 2008-10-03 12:42 -------- d-----w- c:\users\TELMA\AppData\Roaming\uTorrent
2009-08-06 13:05 . 2008-05-17 01:19 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-06 13:05 . 2008-05-17 01:19 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 11:36 . 2008-11-28 15:01 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-11-28 15:01 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 13:17 . 2008-10-22 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 20:54 . 2009-03-08 22:57 -------- d-----w- c:\users\TELMA\AppData\Roaming\dvdcss
2009-07-25 14:44 . 2008-10-10 14:21 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-22 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 21:52 . 2009-07-29 12:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-15 00:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-15 00:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-15 00:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-15 00:03 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 18:38 . 2009-07-05 09:52 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 19:05 . 2008-08-22 21:00 -------- d-----w- c:\program files\Free Easy Burner
2009-07-11 13:38 . 2009-03-31 16:51 -------- d-----w- c:\program files\Codemonster
2009-07-07 22:00 . 2009-07-07 22:00 -------- d-----w- c:\progra~2\Blizzard
2009-07-07 21:59 . 2009-05-07 19:41 -------- d-----w- c:\users\TELMA\AppData\Roaming\DNA
2009-07-06 18:35 . 2009-07-06 16:39 -------- d-----w- c:\program files\SEGA
2009-07-05 10:24 . 2009-07-05 10:15 -------- d-----w- c:\progra~2\Electronic Arts
2009-07-05 10:08 . 2009-07-05 10:08 10134 ----a-r- c:\users\TELMA\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-05 10:08 . 2009-07-05 10:08 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\progra~2\Trymedia
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\progra~2\InstallShield
2009-07-03 13:21 . 2008-05-16 15:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-03 05:55 . 2008-08-21 17:34 73712 ----a-w- c:\users\TELMA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-02 16:45 . 2009-01-09 15:59 -------- d-----w- c:\program files\MagicISO
2009-07-02 16:41 . 2009-04-10 20:41 -------- d-----w- c:\progra~2\Skype
2009-07-02 15:51 . 2009-07-02 15:16 -------- d-----w- c:\users\TELMA\AppData\Roaming\Hide IP NG
2009-07-01 12:47 . 2009-04-10 20:49 -------- d-----w- c:\users\TELMA\AppData\Roaming\Any DVD Converter Professional
2009-06-26 17:57 . 2009-02-24 14:46 -------- d-----w- c:\program files\RomStation
2009-06-26 17:51 . 2008-12-05 19:20 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-26 17:45 . 2008-10-14 15:52 -------- d-----w- c:\program files\Project64 1.6
2009-06-14 12:10 . 2008-12-05 19:24 1 ----a-w- c:\users\TELMA\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:12 . 2009-05-17 14:34 90 ----a-w- c:\users\TELMA\AppData\Local\qguqqsg.bat
2009-05-23 22:03 . 2008-12-27 21:19 0 ----a-r- c:\users\TELMA\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2008-10-10 14:16 . 2008-10-10 14:16 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-11-20 03:41 . 2008-11-19 21:05 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-11-20 03:41 . 2008-11-19 21:05 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-12-02 00:47 . 2008-12-02 00:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_17.53.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-21 17:21 . 2009-08-10 19:54 18860 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3094670495-2971065881-4109255259-1000_UserData.bin
+ 2008-06-03 06:32 . 2009-08-10 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-03 06:32 . 2009-08-10 17:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 06:35 . 2009-08-10 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-03 06:35 . 2009-08-10 17:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 01:58 . 2009-08-10 19:54 104534 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-10 19:54 104448 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-23 23:17 . 2009-08-10 17:52 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-23 23:17 . 2009-08-10 19:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-06-03 06:35 . 2009-08-10 17:52 229376 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 06:35 . 2009-08-10 19:56 229376 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-11-05 278264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-03-14 70912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^TELMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^TELMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9f,32,e0,83,e2,04,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D7C953F2-63A5-4E89-B4C4-45B7A2980D86}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{30760DEF-1120-4D52-9D6F-C7C933B82B9D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{7C0CE1B8-5BBC-497B-84F6-C8AB78CB23CC}"= UDP:49100:u
"TCP Query User{74A40F4A-3CF2-4FCD-A437-37E21BA0017E}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{7960A54B-E7B4-49AE-8461-02EEC588CFD7}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{874B6DA6-E124-491E-91AA-A2BD08C54A5F}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= UDP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"UDP Query User{4B59C7C5-02A5-4C51-BF11-377FF9841E46}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= TCP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"TCP Query User{6FD7212D-6A8D-48C6-A10F-F3CB79F8D21D}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= UDP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"UDP Query User{C223859A-7386-42DE-B59F-64C119960833}c:\\users\\telma\\desktop\\programmes internet\\mirc - sacx\\mirc.exe"= TCP:c:\users\telma\desktop\programmes internet\mirc - sacx\mirc.exe:mirc.exe
"TCP Query User{D90F31D2-96AE-4A32-8F17-B65BCE6FA21A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{690643A6-9BE2-40EF-8075-229F70185089}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{534104AD-1561-4933-AB8D-C89248A6F91F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D55DFD84-31C3-4604-8740-359237AB7944}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{8A821C83-C497-4FD3-ABB4-700CD98849F8}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{669E992D-16EC-4981-BF53-7751C2FF6779}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{30FBB6ED-EB6A-4983-B1A3-4F50F0EA82C8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{968589F0-57EB-4CE7-8B3F-E55B04308D8D}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{AD048762-CA78-49E6-BD92-6D2EAE60527A}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{E30380F6-4E97-4C06-99F3-09492E30A8E1}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"TCP Query User{C15CCFF5-48D9-4ED2-9738-DFA1D5AF1E3C}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{A9B6B73A-B6CC-43E2-A88F-DBC30CE763C3}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"TCP Query User{45D42AA8-3FBF-4478-A4EA-A2DF033CD8EC}c:\\program files\\shiny\\sacrifice\\sacpro.exe"= UDP:c:\program files\shiny\sacrifice\sacpro.exe:SacPro
"UDP Query User{2AF2443D-E197-41FF-B802-8E900A07D885}c:\\program files\\shiny\\sacrifice\\sacpro.exe"= TCP:c:\program files\shiny\sacrifice\sacpro.exe:SacPro
"TCP Query User{502EDDB5-504E-4996-AF24-4E8732E4C8E2}c:\\program files\\shiny\\sacrifice\\sacrifice.exe"= UDP:c:\program files\shiny\sacrifice\sacrifice.exe:Sacrifice
"UDP Query User{05F81861-0B04-4757-84E8-1CCDCF58D0DB}c:\\program files\\shiny\\sacrifice\\sacrifice.exe"= TCP:c:\program files\shiny\sacrifice\sacrifice.exe:Sacrifice
"TCP Query User{1400E10D-5D72-4A98-B892-8E59D364B6CB}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{0F762C67-FBDC-41CB-826C-4F89B1CE7CDE}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{FE358835-AD9E-4446-8EB0-685816A776D8}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{BC7EB23A-B0A1-4775-ADC0-A48C9F61D54A}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-11-19 28544]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-04-09 107256]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [2008-11-02 160792]
R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-04-09 93312]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2009-03-21 47640]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
S3 maconfservice;Ma-Config Service; [x]
S3 PAC207;Webcam 1200;c:\windows\System32\drivers\PFC027.SYS [2009-08-08 611584]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-10-03 28224]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-03-26 21280]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe


.
------- Supplementary Scan -------
.
uStart Page =
mWindow Title =
uInternet Settings,ProxyServer = socks=
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: CabBuilder
FF - ProfilePath - c:\users\TELMA\AppData\Roaming\Mozilla\Firefox\Profiles\yosvncdo.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\TELMA\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 22:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E19EECAE-545B-0B41-7528-B69FBB0391C9}*]
"bbhceiggjbangkbepadgkanlljbmdibfjdjn"=hex:61,61,00,00
"abhceiggjbangkbepaagbccocikcejebcm"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,24,e1,d7,fe,84,e0,86,6b,c2,ba,c4,20,64,e9,c3,a3,e7,df,f5,dc,fe,9a,
4e,68,1f,66,f6,f1,12,13,3a,00,dd,41,17,d5,69,d4,28,a8,c4,89,13,ec,5a,d0,15,\
"??"=hex:31,56,eb,d2,19,7e,11,c6,4e,ec,dc,5c,dc,8c,5d,fa

[HKEY_USERS\S-1-5-21-3094670495-2971065881-4109255259-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,31,4d,c7,41,98,36,e8,36,cc,db,ce,8e,2b,09,2a,10,6e,13,3c,05,
ed,2d,45,00,eb,3e,23,c6,e6,11,79,8c,8a,d0,3a,3c,e4,b0,ff,33,fe,0e,d3,99,29,\
"rkeysecu"=hex:07,bf,1b,6d,7a,b6,86,7e,8d,e7,f8,5b,9c,0e,cb,47
.
Completion time: 2009-08-10 22:13
ComboFix-quarantined-files.txt 2009-08-10 20:13
ComboFix2.txt 2009-08-10 19:33
ComboFix3.txt 2009-08-10 18:03

Pre-Run: 36,384,858,112 octets libres
Post-Run: 36,275,134,464 octets libres

279 --- E O F --- 2009-08-07 08:33

et maintenant stp ?

et est ce normal que je vois plus mon antivirus et que je puisse plus allé sur msn ??? rep stp merci

bon ba vu que plus personne ne répond je vais me couché... c pas cool :( ... j'ai d'autre soucis maintenant :(

"Attention de ne pas te tromper, l'entraide ici ce n'est pas un dû, on est pas censés être derrière les membres 24h/24".....je sais très bien que l'entraide n'est pas un dû et que tu ne peu pas être la 24h/24 mais bon juste un petit message pour dire de continuer demain ça m'aurait évité d'attendre comme un c.. enfin bref c'est pas grave ^^ mais j'ai un soucis je n'arrive pas a allé sur nanoscan... je tombe sur panda activescan 2.0 avec le lien que tu m'a donné et lui ça prend pas 1 minute lol. Mon antivirus Nod 32 antivirus 4 et le pare feu est celui de windows

c'est pas grave ;) voilà le rapport activescan :

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-11 13:00:24
PROTECTIONS: 2
MALWARE: 8
SUSPECTS: 44
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
COMODO Defense+ 3.5 No Yes
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_02_02_2009_17_08_26.asq18467
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_02_02_2009_17_08_26.asq41
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_12_04_2009_03_49_51.asq41
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_08_07_2009_00_00_29.asq41
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_24_12_2008_23_45_39.asq18467
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_12_04_2009_03_49_51.asq18467
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_08_07_2009_00_00_29.asq18467
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Weborama_02_02_2009_17_20_32.asq41
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_24_12_2008_23_45_39.asq41
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.SmartAdServer.com_24_12_2008_23_45_39.asq6334
02468641 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Trojan-Dropper (General Components)_07_08_2009_21_49_14.asq41
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\TELMA\Downloads\Navilog1.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location b�j�X� �9

;===================================================================================================================================================================================
No C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe b�j�X� �9

No C:\Program Files\ESET\ESET Smart Security\NodEnabler\Settings Manager.exe b�j�X� �9

No C:\Program Files\HP Games\Bejeweled 2 Deluxe\WinBej2.exe b�j�X� �9

No C:\Program Files\HP Games\Bejeweled 2 Deluxe\wtmui_default\WinBej2.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_de\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_default\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_es\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_fr\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_it\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Diner Dash\wtmui_zh\dd.exe b�j�X� �9

No C:\Program Files\HP Games\Virtual Villagers - A New Home\VirtualVillagers.exe b�j�X� �9

No C:\Program Files\Navilog1\gnc.exe b�j�X� �9

No C:\Users\Mcx1\AppData\Local\gnc.exe b�j�X� �9

No C:\Users\TELMA\AppData\Local\gnc.exe b�j�X� �9

No C:\ProgramData\WildTangent\05E6A44C-E019-48D3-BEBD-059D73FDBBE6-extr.exe[BricksOfEgypt.exe] b�j�X� �9

No C:\ProgramData\WildTangent\05E6A44C-E019-48D3-BEBD-059D73FDBBE6-extr.exe[BricksOfEgypt.exe] b�j�X� �9

No C:\ProgramData\WildTangent\05E6A44C-E019-48D3-BEBD-059D73FDBBE6-extr.exe[BricksOfEgypt.exe] b�j�X� �9

No C:\ProgramData\WildTangent\05E6A44C-E019-48D3-BEBD-059D73FDBBE6-extr.exe[BricksOfEgypt.exe] b�j�X� �9

No C:\ProgramData\WildTangent\05E6A44C-E019-48D3-BEBD-059D73FDBBE6-extr.exe[BricksOfEgypt.exe] b�j�X� �9

No C:\ProgramData\WildTangent\09ae490f-6649-4699-9275-0920b710ebe8-extr.exe[sudoku.exe] b�j�X� �9

No C:\ProgramData\WildTangent\09ae490f-6649-4699-9275-0920b710ebe8-extr.exe[sudoku.exe] b�j�X� �9

No C:\ProgramData\WildTangent\09ae490f-6649-4699-9275-0920b710ebe8-extr.exe[sudoku.exe] b�j�X� �9

No C:\ProgramData\WildTangent\25bf168a-3cb6-4596-8ac6-42a0a7d0ee2e-extr.exe[GemShop.exe] b�j�X� �9

No C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe[golf.exe] b�j�X� �9

No C:\ProgramData\WildTangent\3C448D22-AD49-43EC-85C5-A6020A10E823-extr.exe[Maze.exe] b�j�X� �9

No C:\ProgramData\WildTangent\5efc38bb-2dab-4442-8e97-38975fa121af-extr.exe[academy.exe] b�j�X� �9

No C:\ProgramData\WildTangent\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe[Chuzzle.exe] b�j�X� �9

No C:\ProgramData\WildTangent\735D55C1-EA16-4128-8762-43E626AC0FC5-extr.exe[granny.exe] b�j�X� �9

No C:\ProgramData\WildTangent\951226E3-26FC-40BC-8085-3677B1128F59-extr.exe[Polar.exe] b�j�X� �9

No C:\ProgramData\WildTangent\A4B598D2-9BFF-456F-A667-D3B8A0849286-extr.exe[Insaniquarium.exe] b�j�X� �9

No C:\ProgramData\WildTangent\A4B598D2-9BFF-456F-A667-D3B8A0849286-extr.exe[Insaniquarium.exe] b�j�X� �9

No C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe[Zuma.exe] b�j�X� �9

No C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe[Zuma.exe] b�j�X� �9

No C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe[Slingo.exe] b�j�X� �9

No C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe[Slingo.exe] b�j�X� �9

No C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe[Slingo.exe] b�j�X� �9

No C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe[Slingo.exe] b�j�X� �9

No C:\ProgramData\WildTangent\E1C0210F-E01D-446A-8A15-9E2C938199DD-extr.exe[mahjong.exe] b�j�X� �9

No C:\ProgramData\WildTangent\f17a1f51-a97a-451c-9682-2386aa4441b2-extr.exe[treasureisland.exe] b�j�X� �9

No C:\ProgramData\WildTangent\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe[penguins.exe] b�j�X� �9

No C:\Users\TELMA\AppData\Local\Zylom Games\Delicious Deluxe\delicious.dll b�j�X� �9

No C:\Users\TELMA\AppData\Local\Zylom Games\The legend of El Dorado Deluxe\eldorado.dll b�j�X� �9

No C:\Users\TELMA\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe b�j�X� �9

No C:\Users\TELMA\Desktop\Programmes internet\mIRC - sacX\mirc.exe b�j�X� �9

;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description b�j�X� �9

;===================================================================================================================================================================================
;===================================================================================================================================================================================

ok ok merci

ok ok .. comment je fais pour supprimé ca : C:\Users\TELMA\AppData\Roaming\Convivea\Bit_Che\scripts\spec­ial.exe) et alors j'ai désinstallé WLM et mon antivirus et à la place j'ai mis panda antivirus pro 2010 et j'ai fait un scan:

Rapport des incidents de Panda Antivirus Pro 2010
Filtre sélectionné :Virus détecté, Fichier suspect, Fichier dangereux, Exécution du script, Connexion téléphonique, Tentative de connexion, Attaque d'analyse de ports, Attaque de type refus de service, Usurpation d'identité, Blocage d'IP attaquant, Activation, Désactivation, Mise à jour, Début de l'analyse, Fin de l'analyse, Date : toutes
INCIDENT SOURCE DATE - HEURE RESULTAT INFORMATION SUPPLEMENTAIRE
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Mise à jour Système d'actualisation 11/08/2009 14:04:07 Correct Fichier : Signatures de menaces
Début de l'analyse Analyse antivirus immédiate 11/08/2009 14:04:14 Analyse :
Mise à jour Système d'actualisation 11/08/2009 14:04:43 Correct Type : autofix hft90906s1
Début de l'analyse Analyse antivirus immédiate 11/08/2009 14:11:26 Analyse : Analyse de tout le système
Mise à jour Système d'actualisation 11/08/2009 14:23:01 Correct Type : autofix hft90906s3
Mise à jour Système d'actualisation 11/08/2009 14:23:06 Correct Signatures de menaces
Mise à jour Système d'actualisation 11/08/2009 14:23:11 Correct Type : Protection d'identité
Logiciel espion détecté : Cookie/Ser... Analyse antivirus immédiate 11/08/2009 14:40:36 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_08_07_2009_00_00_29.asq18467
Logiciel espion détecté : Cookie/Ser... Analyse antivirus immédiate 11/08/2009 14:40:36 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_12_04_2009_03_49_51.asq18467
Logiciel espion détecté : Cookie/Ser... Analyse antivirus immédiate 11/08/2009 14:40:36 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_24_12_2008_23_45_39.asq18467
Logiciel espion détecté : Cookie/Sma... Analyse antivirus immédiate 11/08/2009 14:40:36 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.SmartAdServer.com_24_12_2008_23_45_39.asq6334
Logiciel espion détecté : Cookie/Xiti Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_02_02_2009_17_08_26.asq18467
Logiciel espion détecté : Cookie/Yie... Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_02_02_2009_17_08_26.asq41
Logiciel espion détecté : Cookie/Yie... Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_08_07_2009_00_00_29.asq41
Logiciel espion détecté : Cookie/Yie... Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_12_04_2009_03_49_51.asq41
Logiciel espion détecté : Cookie/Poi... Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_24_12_2008_23_45_39.asq41
Logiciel espion détecté : Cookie/Web... Analyse antivirus immédiate 11/08/2009 14:40:37 Supprimé Emplacement : C:\Users\TELMA\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Cookie.Weborama_02_02_2009_17_20_32.asq41
Virus détecté : Trj/CI.A Analyse antivirus immédiate 11/08/2009 14:55:54 Supprimé Emplacement : C:\Users\TELMA\Downloads\Navilog1.exe
Fin de l'analyse Analyse antivirus immédiate 11/08/2009 15:45:43 Analyse : Analyse de tout le système


je sais pas si j'ai bien fait ^^ tu me dira ...

C:\Users\TELMA\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe) est introuvable avec virustotal..... et c'est une version gratuite de 30 jours après je remettrais nod 32 même si panda a l'air mieux lui il a trouvé plein de problème alors que nod 32 n'avais rien trouvé.....que dois je faire maintenant stp?

je suis vraiment désolé mais le problème de mon unité centrale est toujours la... elle ne se met plus en veille alors que mon écran oui que dois je faire stp

Je suis vraiment désolé mais le problème de mon unité centrale est toujours la... elle ne se met plus en veille alors que mon écran oui que dois je faire stp

non y a plus d'écran bleu c déjà ça et comment je fais pour regarder dans l'observateur d'événement stp ^^... dsl je suis pas un pro

je suis dans l'observateur d'événement mais je sais pas quoi faire dsl comme je t'ai dit je n'ai jamais utiliser cette fonction merci de m'aider

le truc c'est que je n'y comprend rien dans l'observateur donc pour chercher c'est très facile et j'ai pas envie de faire des bêtises.... surtout pour un DÉBUTANT et si je n'ai pas précisé depuis quand ou quoi j'ai ce problème c'est que je ne sais pas lol ^^ .... peut être depuis la mise a jour vista sp2.....c'est possible ?

ok par contre tools cleaner2 ne marche pas il cherche sans cesse sans rien trouver

en tout cas merci bien pour ton aide et ta patience

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Users\TELMA\Desktop\ComboFix.exe: trouvé !
C:\Windows\System32\GenProc[*].html: trouvé !

---------------------------------
--> Suppression:

C:\Users\TELMA\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Windows\System32\GenProc[*].html: ERREUR DE SUPPRESSION !!

comment je fais pour les supprimer stp merci

j'ai trouvé merci encore pour ton aide ;) et pour ta patience bonne continuation

merci a toi et comment faut il faire pour mettre en résolu stp merci