PC INFECTE PAR HTML/infected.Webpage.Gen

phk30 Messages postés 1066 Statut Membre -  
phk30 Messages postés 1066 Statut Membre -
Bonjour, j'ai 2 fenetre antivir qui s'ouvre et reviennent en boucle avec des virus : " TR/killProc.AK et HTML/infected.Webpage.Gen " impossible de les supprimer et bitdefender ne veut pas se lancer j'ai AUSSI UNE FENETRE QUI LANCE UN ANTI VIRUS AUTOMATIQUE SANS LUI DEMANDE RQUAND ON OUVRE INTERNET EXPLORER merci POUR VOTRE AIDE A BIENTOT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:12, on 10/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Galdeano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58UA7IMA\HiJackThis[1].exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [winupdate.exe] C:\Windows\system32\winupdate.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Bodybits] "C:\ProgramData\listthirdthird.uockq"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Manager Delete 4.ml9fg73"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\credssp32.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9abf7f7465800) (gupdate1c9abf7f7465800) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11859 bytes
Configuration: Windows Vista Internet Explorer 7.0

11 réponses

  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    OK. Fais redémarrer ton ordinateur, puis passé à la suite :

    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helper du forum qui connait bien cet outil vous l'a recommandé.

    /!\ Désactive tous tes logiciels de protection /!\

    • Télécharge ComboFix (de sUBs) sur ton Bureau.
    • Fais un clic-droit sur ComboFix.exe et clique sur « Exécuter en temps qu'administrateur ».
    • Il va te demander d'installer la console de récupération : accepte.
    • Ne touche à rien pendant le scan.
    • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    1
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Ce rapport montre plusieurs infections, on va toutes les traiter une par une.

    Il y a tout d'abord une infection Lop/Swizzor, qui s'installe notamment via les logiciels suivant, en contrepartie de leur dite « gratuité » :

    • Le sponsor de Messenger Plus!
    • BitDownload
    • BitGrabber
    • BitRoll
    • NetPumper
    • TorrentQ
    • Torrent101

    Pour supprimer cette infection, il faut utiliser le programme LopS&D.

    • Télécharge Lop S&D (créé par eric 71) sur ton Bureau
    • Double-clique dessus pour lancer l'installation
    • Fais un clic-droit sur le raccourci Lop S&D présent sur ton Bureau, puis choisis « Exécuter en temps qu'administrateur ».
    • Sélectionne la langue souhaitée, puis choisis l'option 2 (Suppression)
    • Patiente jusqu'à la fin du scan
    • Poste le rapport généré (C:\lopR.txt)

    Tutoriel pour t’aider : http://www.malekal.com//tutorial_Lop_SD.php

    0
  3. phk30 Messages postés 1066 Statut Membre 75
     
    bonsoir et merci pour la rapidité c'est en cour je répond de mon autre pc et d'abord question cela va t'il désinfecté les 2 sessions ? merci à bientot
    0
  4. phk30 Messages postés 1066 Statut Membre 75
     
    VOICI LE RAPPORT

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Sempron(tm) SI-40 )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : Galdeano ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:223 Go (Free:73 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 10/08/2009|21:13 )

    [ UAC => 0 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\ProgramData\Okay meta anti lite\Trans Title.dat
    Supprime! - C:\ProgramData\Okay meta anti lite\wait program.dat
    Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@adserver5[1].txt
    Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@www.adserver5[2].txt
    Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@advertising[1].txt
    Supprime! - C:\ProgramData\listthirdthird.kb2sj
    Supprime! - C:\ProgramData\listthirdthird.r6kom
    Supprime! - C:\ProgramData\listthirdthird.uockq
    Supprime! - C:\ProgramData\listthirdthird.xrbfea
    Supprime! - C:\ProgramData\Bat first rule.kuv5gl2
    Supprime! - C:\ProgramData\listthirdthird.hmxde5g
    Supprime! - C:\ProgramData\Okay meta anti lite
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\PROGRA~2\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans Local

    [21/02/2009|18:32] C:\Users\Galdeano\AppData\Local\Adobe
    [07/12/2008|18:07] C:\Users\Galdeano\AppData\Local\AOL
    [03/03/2009|18:27] C:\Users\Galdeano\AppData\Local\Apple
    [11/04/2009|15:27] C:\Users\Galdeano\AppData\Local\Apple Computer
    [07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Application Data
    [19/04/2009|10:41] C:\Users\Galdeano\AppData\Local\Ares
    [07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\AtStart.txt
    [14/07/2009|13:16] C:\Users\Galdeano\AppData\Local\d3d9caps.dat
    [09/07/2009|18:54] C:\Users\Galdeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\DSwitch.txt
    [10/08/2009|18:39] C:\Users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
    [05/06/2008|18:18] C:\Users\Galdeano\AppData\Local\gnc.exe
    [09/08/2009|00:58] C:\Users\Galdeano\AppData\Local\Google
    [07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Historique
    [13/06/2009|18:19] C:\Users\Galdeano\AppData\Local\Microsoft
    [11/12/2008|22:34] C:\Users\Galdeano\AppData\Local\Microsoft Games
    [18/06/2009|11:56] C:\Users\Galdeano\AppData\Local\Mozilla
    [07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\QSwitch.txt
    [20/02/2009|12:25] C:\Users\Galdeano\AppData\Local\QuickPlay
    [09/02/2009|18:43] C:\Users\Galdeano\AppData\Local\Shareaza
    [10/08/2009|21:13] C:\Users\Galdeano\AppData\Local\Temp
    [07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Temporary Internet Files
    [07/12/2008|17:26] C:\Users\Galdeano\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [10/08/2009 20:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
    [09/08/2009 19:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
    [10/08/2009 20:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
    [10/08/2009 12:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
    [10/08/2009 20:57][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [10/08/2009 20:07][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [10/08/2009 20:54][--a------] C:\Windows\tasks\Google Software Updater.job
    [10/08/2009 21:13][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
    [10/08/2009 20:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
    [03/08/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complŠte du systŠme - Galdeano.job
    [10/08/2009 20:06][--ah-----] C:\Windows\tasks\SA.DAT
    [10/08/2009 18:49][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [26/05/2008|11:32] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [11/04/2009|15:24] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [26/05/2008|11:34] C:\ProgramData\Adobe
    [03/08/2009|19:39] C:\ProgramData\airportmania
    [26/05/2008|11:46] C:\ProgramData\AOL
    [03/03/2009|18:26] C:\ProgramData\Apple
    [03/03/2009|18:31] C:\ProgramData\Apple Computer
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [07/08/2008|09:26] C:\ProgramData\Atheros
    [10/08/2009|11:26] C:\ProgramData\Avira
    [30/06/2009|19:15] C:\ProgramData\Azureus
    [07/12/2008|16:21] C:\ProgramData\Bureau
    [22/03/2009|15:06] C:\ProgramData\CanonBJ
    [22/03/2009|17:57] C:\ProgramData\CanonIJ
    [22/03/2009|17:57] C:\ProgramData\CanonIJEGV
    [22/03/2009|17:54] C:\ProgramData\CanonIJEPPEX
    [22/03/2009|17:53] C:\ProgramData\CanonIJMyPrinter
    [01/07/2009|12:22] C:\ProgramData\CanonIJPLM
    [22/03/2009|17:54] C:\ProgramData\CanonIJSolutionMenu
    [19/02/2009|00:56] C:\ProgramData\CyberLink
    [27/04/2009|17:49] C:\ProgramData\DAEMON Tools Pro
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [16/02/2009|18:27] C:\ProgramData\eMule
    [07/12/2008|16:21] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [03/05/2009|18:24] C:\ProgramData\FirmTools
    [04/04/2009|21:12] C:\ProgramData\Google
    [10/08/2009|20:54] C:\ProgramData\Google Updater
    [07/08/2008|10:02] C:\ProgramData\Hewlett-Packard
    [18/06/2009|12:02] C:\ProgramData\Manager Delete 4.ml9fg73
    [10/08/2009|03:03] C:\ProgramData\mealblahooze
    [07/12/2008|16:21] C:\ProgramData\Menu D‚marrer
    [18/06/2009|14:55] C:\ProgramData\Messenger Plus!
    [09/08/2009|22:59] C:\ProgramData\Microsoft
    [24/07/2009|16:26] C:\ProgramData\Microsoft Help
    [07/12/2008|16:21] C:\ProgramData\ModŠles
    [26/05/2008|11:17] C:\ProgramData\muvee Technologies
    [10/08/2009|11:57] C:\ProgramData\ntuser.pol
    [07/08/2008|10:08] C:\ProgramData\NVIDIA
    [10/08/2009|20:07] C:\ProgramData\nvModes.001
    [10/08/2009|20:07] C:\ProgramData\nvModes.dat
    [19/07/2009|17:21] C:\ProgramData\PC Tools
    [13/12/2008|14:01] C:\ProgramData\PlayFirst
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [10/08/2009|10:50] C:\ProgramData\Symantec
    [24/07/2009|00:22] C:\ProgramData\TEMP
    [02/11/2006|15:02] C:\ProgramData\Templates
    [24/12/2008|20:16] C:\ProgramData\WildTangent
    [08/02/2009|00:47] C:\ProgramData\WindowsSearch
    [03/08/2009|19:12] C:\ProgramData\Zylom

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/05/2008|11:32] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [26/05/2008|11:33] C:\Program Files\Adobe
    [07/12/2008|16:28] C:\Program Files\AIM6
    [05/02/2009|12:38] C:\Program Files\Alwil Software
    [26/05/2008|11:46] C:\Program Files\AOL
    [03/03/2009|18:27] C:\Program Files\Apple Software Update
    [19/04/2009|10:41] C:\Program Files\Ares
    [07/08/2008|09:27] C:\Program Files\Atheros
    [10/08/2009|11:26] C:\Program Files\Avira
    [11/04/2009|15:15] C:\Program Files\Bonjour
    [22/03/2009|18:15] C:\Program Files\Canon
    [22/03/2009|17:48] C:\Program Files\CanonBJ
    [09/08/2009|21:19] C:\Program Files\CCleaner
    [10/08/2009|13:29] C:\Program Files\Circle Developeent
    [07/08/2008|09:26] C:\Program Files\Cisco
    [22/07/2009|22:06] C:\Program Files\CleanUp!
    [19/07/2009|17:21] C:\Program Files\Common Files
    [23/07/2009|20:53] C:\Program Files\Conduit
    [07/08/2008|09:34] C:\Program Files\CONEXANT
    [22/04/2009|12:51] C:\Program Files\Creative Labs
    [07/08/2008|10:06] C:\Program Files\CyberLink
    [27/04/2009|17:53] C:\Program Files\DAEMON Tools Pro
    [21/07/2009|00:47] C:\Program Files\Datel
    [26/05/2008|11:46] C:\Program Files\EasyBits For Kids
    [07/12/2008|16:21] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [03/05/2009|18:24] C:\Program Files\FirmTools
    [23/07/2009|20:49] C:\Program Files\FreeTime
    [22/04/2009|19:06] C:\Program Files\GameSpy Arcade
    [17/05/2009|20:16] C:\Program Files\Google
    [24/02/2009|19:01] C:\Program Files\Guitar Pro 5
    [16/04/2009|00:11] C:\Program Files\Hewlett-Packard
    [26/05/2008|11:56] C:\Program Files\HP
    [26/05/2008|10:41] C:\Program Files\HP Games
    [03/05/2009|10:20] C:\Program Files\InstallShield Installation Information
    [31/07/2009|03:06] C:\Program Files\Internet Explorer
    [01/07/2009|12:10] C:\Program Files\iPod
    [01/07/2009|12:11] C:\Program Files\iTunes
    [24/07/2009|00:19] C:\Program Files\Java
    [09/02/2009|16:27] C:\Program Files\LimeWire
    [03/05/2009|10:20] C:\Program Files\LucasArts
    [14/07/2009|20:21] C:\Program Files\Messenger Plus! Live
    [20/02/2009|01:31] C:\Program Files\Microsoft
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [21/01/2009|14:05] C:\Program Files\Microsoft Office
    [20/02/2009|01:31] C:\Program Files\Microsoft Office Outlook Connector
    [31/07/2009|03:08] C:\Program Files\Microsoft Silverlight
    [20/02/2009|01:26] C:\Program Files\Microsoft SQL Server Compact Edition
    [20/02/2009|01:29] C:\Program Files\Microsoft Sync Framework
    [21/01/2009|14:05] C:\Program Files\Microsoft Visual Studio
    [12/06/2009|03:09] C:\Program Files\Microsoft Works
    [26/05/2008|11:30] C:\Program Files\Microsoft.NET
    [26/05/2008|19:38] C:\Program Files\Movie Maker
    [10/08/2009|16:23] C:\Program Files\Mozilla Firefox
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [04/02/2009|08:36] C:\Program Files\MSXML 4.0
    [26/05/2008|11:17] C:\Program Files\muvee Technologies
    [07/08/2008|09:33] C:\Program Files\NetWaiting
    [07/12/2008|16:28] C:\Program Files\Online Services
    [01/07/2009|12:07] C:\Program Files\QuickTime
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [01/07/2009|12:16] C:\Program Files\Safari
    [11/04/2009|14:59] C:\Program Files\Samsung
    [16/04/2009|15:16] C:\Program Files\Shareaza
    [23/07/2009|20:54] C:\Program Files\Softonic_France_FF
    [22/07/2009|21:03] C:\Program Files\Spyware Doctor
    [07/08/2008|09:31] C:\Program Files\Synaptics
    [10/08/2009|16:08] C:\Program Files\Trend Micro
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [05/02/2009|18:40] C:\Program Files\VideoLAN
    [02/08/2009|21:35] C:\Program Files\Vuze
    [26/05/2008|19:38] C:\Program Files\Windows Calendar
    [26/05/2008|19:38] C:\Program Files\Windows Collaboration
    [26/05/2008|19:38] C:\Program Files\Windows Defender
    [26/05/2008|19:38] C:\Program Files\Windows Journal
    [20/02/2009|01:30] C:\Program Files\Windows Live
    [07/02/2009|22:22] C:\Program Files\Windows Live SkyDrive
    [16/07/2009|12:38] C:\Program Files\Windows Mail
    [12/03/2009|04:07] C:\Program Files\Windows Media Player
    [07/12/2008|16:21] C:\Program Files\Windows NT
    [26/05/2008|19:38] C:\Program Files\Windows Photo Gallery
    [26/05/2008|19:38] C:\Program Files\Windows Sidebar
    [18/07/2009|14:13] C:\Program Files\WinRAR
    [01/08/2009|00:28] C:\Program Files\Youtube Downloader HD
    [03/08/2009|21:24] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [26/05/2008|11:34] C:\Program Files\Common Files\Adobe
    [07/12/2008|16:28] C:\Program Files\Common Files\AOL
    [01/07/2009|12:10] C:\Program Files\Common Files\Apple
    [22/03/2009|17:52] C:\Program Files\Common Files\CANON
    [26/05/2008|11:30] C:\Program Files\Common Files\DESIGNER
    [26/05/2008|11:50] C:\Program Files\Common Files\InstallShield
    [26/05/2008|11:57] C:\Program Files\Common Files\Java
    [07/08/2008|10:03] C:\Program Files\Common Files\LightScribe
    [24/07/2009|16:44] C:\Program Files\Common Files\microsoft shared
    [26/05/2008|11:17] C:\Program Files\Common Files\muvee Technologies
    [19/07/2009|17:24] C:\Program Files\Common Files\PC Tools
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [16/04/2009|14:46] C:\Program Files\Common Files\SWF Studio
    [10/08/2009|10:52] C:\Program Files\Common Files\Symantec Shared
    [20/02/2009|01:31] C:\Program Files\Common Files\System
    [07/02/2009|21:54] C:\Program Files\Common Files\Windows Live

    --------------------\\ Process

    ( 63 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-10 21:15:44
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:6][D:5]-> C:\Users\Galdeano\AppData\Local\Temp
    [F:1114][D:1]-> C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:684][D:4]-> C:\Users\Galdeano\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:145][D:8]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 10/08/2009|21:20 - Option : [2]

    --------------------\\ Fin du rapport a 21:20:25
    [ UAC => 1 ]
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    L'infection n'a pas été éradiquée totalement, on va devoir faire un script de suppression. Mais avant, fais ce scan généraliste stp :

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes
    • Poste dans ta prochaine réponse le rapport apparaissant après la suppression stp

    0
  7. phk30 Messages postés 1066 Statut Membre 75
     
    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2593
    Windows 6.0.6001 Service Pack 1

    10/08/2009 22:22:06
    mbam-log-2009-08-10 (22-22-06).txt

    Type de recherche: Examen rapide
    Eléments examinés: 94474
    Temps écoulé: 4 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 9
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\credssp32.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\credssp32.dll -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Windows\System32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\winupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\246.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\247.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\248.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\249.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\250.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\251.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\System32\SystemX86\252.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    0
  8. phk30 Messages postés 1066 Statut Membre 75
     
    je n'arrive plus a ouvrir internet explorer et mozilla une fenetre dit tentative d'operation non autorise sur une cle du registre marquée pour suppression dans C:\programfiles\internet exploreriexplore.exe merci
    0
  9. phk30 Messages postés 1066 Statut Membre 75
     
    ceci après le scan combofix biensur
    0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Est-ce que le problème persiste après redémarrage de l'ordinateur ?

    Avais-tu bien désactivé tes logiciels de protection avant de lancer Combofix ?

    Est-ce que tu peux poster le rapport de Combofix pour que j'essaye de déterminer ce qui crée ce problème ?

    0
  11. phk30 Messages postés 1066 Statut Membre 75
     
    J AI EU PEUR voici le rapport avec tout desactiver

    ComboFix 09-08-10.01 - Galdeano 10/08/2009 22:54.2.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1742 [GMT 2:00]
    Running from: c:\users\Galdeano\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Galdeano\AppData\Local\temp
    2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Malwarebytes
    2009-08-10 20:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-10 20:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-10 19:12 . 2009-08-10 19:20 -------- d-----w- C:\Lop SD
    2009-08-10 09:29 . 2009-08-10 09:28 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
    2009-08-10 09:29 . 2009-08-10 09:28 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
    2009-08-10 09:29 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
    2009-08-10 09:29 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
    2009-08-10 09:29 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
    2009-08-10 09:29 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
    2009-08-10 09:29 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
    2009-08-10 09:26 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-10 09:26 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\programdata\Avira
    2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\program files\Avira
    2009-08-10 09:04 . 2009-08-10 09:04 23 --sha-w- c:\windows\system32\edacded0.dat
    2009-08-09 23:56 . 2009-08-10 14:08 266012242 ----a-w- C:\Sauv.reg
    2009-08-09 19:47 . 2009-08-09 19:47 -------- d-----w- C:\UAC
    2009-08-09 19:42 . 2009-08-10 14:08 -------- d-----w- c:\program files\Trend Micro
    2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\program files\CCleaner
    2009-08-03 17:15 . 2009-08-03 17:15 4096 ----a-w- c:\windows\d3dx.dat
    2009-08-03 17:15 . 2009-08-03 17:39 -------- d-----w- c:\programdata\airportmania
    2009-08-03 17:15 . 2009-08-03 17:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Zylom
    2009-08-03 17:12 . 2009-08-03 17:12 -------- d-----w- c:\programdata\Zylom
    2009-08-03 17:12 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    2009-08-03 17:12 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
    2009-08-03 17:12 . 2009-08-03 19:24 -------- d-----w- c:\program files\Zylom Games
    2009-07-24 14:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-07-24 14:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-07-24 14:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-07-24 14:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-07-24 14:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-07-24 14:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-07-24 14:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-07-24 14:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-07-24 14:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-07-24 14:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-07-24 14:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-07-24 14:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-07-23 22:50 . 2008-06-05 16:18 5737 ----a-w- c:\users\Galdeano\AppData\Local\gnc.exe
    2009-07-23 22:20 . 2009-07-23 22:20 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-23 22:11 . 2009-08-09 15:52 521 --sha-w- c:\windows\system32\GroupPolicy000.dat
    2009-07-23 20:55 . 2009-08-10 15:28 -------- d-----w- c:\windows\BDOSCAN8
    2009-07-23 18:53 . 2009-07-23 18:53 -------- d-----w- c:\program files\Conduit
    2009-07-23 18:53 . 2009-07-23 18:54 -------- d-----w- c:\program files\Softonic_France_FF
    2009-07-23 18:53 . 2009-07-16 12:05 52224 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\FFExternalAlert.dll
    2009-07-23 18:53 . 2009-07-16 12:05 114688 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\npmozax.dll
    2009-07-23 18:50 . 2009-07-23 18:50 -------- d-----w- c:\users\Chris\AppData\Roaming\Desktopicon
    2009-07-23 18:49 . 2009-07-23 18:49 -------- d-----w- c:\program files\FreeTime
    2009-07-23 15:32 . 2009-07-23 15:39 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
    2009-07-22 20:06 . 2009-07-22 20:06 -------- d-----w- c:\program files\CleanUp!
    2009-07-20 22:47 . 2009-07-20 22:47 -------- d-----w- c:\program files\Datel
    2009-07-19 15:22 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-07-19 15:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-07-19 15:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-07-19 15:21 . 2009-07-19 15:24 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-07-19 15:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-07-19 15:21 . 2009-07-22 19:03 -------- d-----w- c:\program files\Spyware Doctor
    2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Tools
    2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\programdata\PC Tools
    2009-07-18 17:19 . 2009-07-18 17:19 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
    2009-07-18 17:09 . 2009-07-18 17:09 -------- d-----w- c:\users\Chris\AppData\Roaming\WildTangent
    2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
    2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
    2009-07-16 22:06 . 2009-07-16 22:06 1372 ----a-w- c:\windows\system32\ZgNYNSPsBPgWW.vbs
    2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 16:48 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 16:48 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 16:48 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-15 11:09 . 2009-07-15 11:09 1372 ----a-w- c:\windows\system32\DJ2IxfI.vbs
    2009-07-12 13:35 . 2009-07-12 13:58 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 20:24 . 2008-08-07 08:02 71324 ----a-w- c:\programdata\nvModes.dat
    2009-08-10 18:54 . 2009-03-23 20:42 -------- d-----w- c:\programdata\Google Updater
    2009-08-10 16:39 . 2008-12-07 14:43 75200 ----a-w- c:\users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-10 11:29 . 2009-06-18 09:59 -------- d-----w- c:\program files\Circle Developeent
    2009-08-10 08:52 . 2008-05-26 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-10 08:50 . 2008-05-26 08:05 -------- d-----w- c:\programdata\Symantec
    2009-08-10 01:03 . 2009-06-18 10:00 -------- d-----w- c:\programdata\mealblahooze
    2009-08-09 19:36 . 2009-07-07 17:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Azureus
    2009-08-09 18:56 . 2009-03-15 10:24 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
    2009-08-09 18:24 . 2008-05-26 17:35 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-09 18:24 . 2008-05-26 17:35 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-02 19:35 . 2009-06-30 17:14 -------- d-----w- c:\program files\Vuze
    2009-07-31 22:28 . 2009-05-03 16:17 -------- d-----w- c:\program files\Youtube Downloader HD
    2009-07-31 01:08 . 2009-02-19 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-30 22:03 . 2009-02-09 12:38 75664 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-24 14:26 . 2008-05-26 09:28 -------- d-----w- c:\programdata\Microsoft Help
    2009-07-23 22:19 . 2008-05-26 09:57 -------- d-----w- c:\program files\Java
    2009-07-22 20:08 . 2009-02-09 14:28 -------- d-----w- c:\users\Galdeano\AppData\Roaming\LimeWire
    2009-07-22 20:08 . 2009-06-30 17:14 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Azureus
    2009-07-21 21:52 . 2009-07-30 22:08 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-30 22:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-30 22:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-30 22:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-16 10:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-14 18:21 . 2009-06-18 09:59 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-14 11:16 . 2009-06-14 18:06 680 ----a-w- c:\users\Galdeano\AppData\Local\d3d9caps.dat
    2009-07-09 20:30 . 2009-07-09 20:30 1878984 ----a-w- c:\users\Galdeano\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-07-01 10:22 . 2009-03-22 15:53 -------- d-----w- c:\programdata\CanonIJPLM
    2009-07-01 10:16 . 2009-04-11 13:17 -------- d-----w- c:\program files\Safari
    2009-07-01 10:11 . 2009-07-01 10:10 -------- d-----w- c:\program files\iTunes
    2009-07-01 10:10 . 2009-07-01 10:10 -------- d-----w- c:\program files\iPod
    2009-07-01 10:10 . 2009-03-03 16:26 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-01 10:07 . 2009-07-01 10:06 -------- d-----w- c:\program files\QuickTime
    2009-07-01 09:56 . 2009-07-01 09:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-30 17:15 . 2009-06-30 17:15 -------- d-----w- c:\programdata\Azureus
    2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\programdata\Messenger Plus!
    2009-06-18 09:56 . 2009-06-18 09:56 0 ----a-w- c:\windows\nsreg.dat
    2009-06-16 13:04 . 2009-06-16 13:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-06-15 08:30 . 2009-06-15 08:30 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA78E.tmp.exe
    2009-06-12 01:09 . 2008-05-26 09:05 -------- d-----w- c:\program files\Microsoft Works
    2009-03-31 20:47 . 2009-06-18 09:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
    2009-07-15 08:09 2224152 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^Galdeano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\users\Galdeano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{63FC0E32-44A3-4668-9819-DA27EB62692A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{1E6979A3-3BDF-4DD7-B94B-EC7DE0004C4A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{759D2343-1D58-47DE-ADB8-46C43FA825E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{31BF0BE5-F768-4AD3-818A-204C2F878DC1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{1F7EDD56-E6C2-4F9D-9CC7-445678D6E318}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{3351A1A5-4720-42F5-A517-A6597EEABCB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{1C200367-AC15-4425-8497-434A015A20C8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{19D1BD83-6606-4155-89BE-3F430C5DF4A9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{0CFE5DE5-8944-48DF-84E9-813D448CBDE7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{F3D8FB44-2BCA-4B29-B88F-8040E5F0520B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{7DA5AC63-2CF2-4F26-AC8E-18D38077CAF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{FB36B454-B273-4206-AD5A-F6A093FFBA78}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{212856A8-99EF-4DE3-A7F2-610CC590D9D5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9CC6250B-416D-490B-B15C-30835FF153F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3B06DA3C-A5E2-4EEA-B542-1BB8DA8AF7F6}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
    "{9A3DFADF-ED25-4DFB-A142-5C597C6DC36A}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
    "{8A013790-CE75-4360-AB83-8E300BA8FD33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{AB8E3F88-8B7F-4D59-84AB-DB67CFA6DF50}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/07/2009 17:21 130936]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2009 11:26 108289]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/05/2008 11:52 361808]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 14:39 42528]
    S2 gupdate1c9abf7f7465800;Service Google Update (gupdate1c9abf7f7465800);c:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 22:42 133104]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/05/2008 10:32 193840]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20/02/2009 01:30 55280]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/07/2009 17:21 348752]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:41]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
    - c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
    - c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

    2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]

    2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF - ProfilePath - c:\users\Galdeano\AppData\Roaming\Mozilla\Firefox\Profiles\eymq5rs6.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
    FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-10 23:02
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\windows\TEMP\TMP000000715A326BE0EBC629D0 524288 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
    @DACL=(02 0000)
    "1"="ATA<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]
    @DACL=(02 0000)
    "ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]
    @DACL=(02 0000)
    "FLAG"=hex:00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]
    @DACL=(02 0000)
    "EnableKmixer"=hex:01,00,00,00
    "KMixerDataInitialDelay"=hex:0d,00,00,00
    "KMixerSpkpInitialDelay"=hex:0c,00,00,00
    "MaxSampleValue"=hex:e8,03,00,00
    "UnMuteTimerDuration"=hex:d0,07,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]
    @DACL=(02 0000)
    "1"="at+vcid=1<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
    @DACL=(02 0000)
    "1"="ATH<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
    @DACL=(02 0000)
    "1"="AT<cr>"
    "2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
    @DACL=(02 0000)
    "1"="ATS0=0<cr>"
    "2"="None"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\OEM]
    @DACL=(02 0000)
    "SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,
    77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05
    "AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,
    00,00
    "TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,
    2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,\
    "CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,
    00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,\
    "V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,\
    "FLAGS"=hex:02,07,00,08,08,00,00,00
    "SPKR_MUTE_DELAY"=hex:2c,01
    "OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00
    "AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
    "VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00
    "CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00
    "PROPERTIES"=hex:ff,ff,ff,ff
    "MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    "CSA_FLAGS"=hex:00,00,00,00
    "DAAType"=hex:01
    "SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,
    00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,\
    "SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
    00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,\
    "SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
    00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,\
    "DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,
    00,08,00,00,00,04,00,00,00,00,00,00,00
    "HwData"=hex:00,10,00,30,01,80,10,00
    "DLG_PARAMS"=hex:01,00,00,00,00
    "HANDSET_PARAMS"=hex:00,00,ff,ff,ff
    "WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
    ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff
    "DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00
    "CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00
    "CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00
    "FAX_PRE_LOAD_DELAY"=hex:08,00,00,00
    "CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a
    "SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,
    00,00,30,75,b8,0b
    "JCID_RING"=hex:32,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]
    @DACL=(02 0000)
    "Current"=hex:ff,00
    "Previous"=hex:ff,00
    "COPY_CTY"=hex:00,00,00,00
    "RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,
    ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]
    @DACL=(02 0000)
    "Type"=hex:00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
    @DACL=(02 0000)
    "Prefix"="AT"
    "Terminator"="<cr>"
    "DialPrefix"="D"
    "DialSuffix"=";"
    "SpeakerVolume_Low"="L1"
    "SpeakerVolume_Med"="L2"
    "SpeakerVolume_High"="L3"
    "SpeakerMode_Off"="M0"
    "SpeakerMode_Dial"="M1"
    "SpeakerMode_On"="M2"
    "SpeakerMode_Setup"="M3"
    "FlowControl_Off"="+IFC=0,0;"
    "FlowControl_Hard"="+IFC=2,2;"
    "FlowControl_Soft"="+IFC=1,1;"
    "Pulse"="P"
    "Tone"="T"
    "Blind_Off"="X4"
    "Blind_On"="X3"
    "CallSetupFailTimer"="S7=<#>"
    "ErrorControl_On"="+ES=3,0,2;"
    "ErrorControl_Off"="+ES=1,0,1;"
    "ErrorControl_Forced"="+ES=3,2,4;"
    "Compression_On"="+DS=3;+DS44=3;"
    "Compression_Off"="+DS=0;+DS44=0;"
    "InactivityTimeout"="S30=<#>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]
    @DACL=(02 0000)
    "QC_CONF"=hex:01,01,01,01

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
    @DACL=(02 0000)
    "1"="ATA<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax]
    @DACL=(02 0000)
    "CL1FCS"="2"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
    @DACL=(02 0000)
    "1"="ATH<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
    @DACL=(02 0000)
    "1"="AT<cr>"
    "2"="AT&F<cr>"
    "3"="ATV1E0S0=0&D2&C1<cr>"
    "4"="AT+CMEE=1<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
    @DACL=(02 0000)
    "1"="ATS0=0<cr>"
    "2"="None"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
    @DACL=(02 0000)
    "FlowControl_Hard"="+IFC=2,2;"
    "FlowControl_Off"="+IFC=0,0;"
    "FlowControl_Soft"="+IFC=1,1;"
    "CompatibilityFlags"=hex:01,00,00,00
    "CallSetupFailTimer"="S7=<#>"
    "DialPrefix"="D"
    "DialSuffix"=";"
    "Prefix"="AT"
    "Terminator"="<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Answer]
    @DACL=(02 0000)
    "1"="ATA<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Clients]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Fax]
    @DACL=(02 0000)
    "CL1FCS"="2"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Hangup]
    @DACL=(02 0000)
    "1"="ATHE1<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Init]
    @DACL=(02 0000)
    "1"="AT<cr>"
    "2"="ATE0V1&D2&C1S0=0<cr>"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Monitor]
    @DACL=(02 0000)
    "1"="ATS0=0<cr>"
    "2"="None"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Settings]
    @DACL=(02 0000)
    "Prefix"="AT"
    "Terminator"="<cr>"
    "DialPrefix"="D"
    "DialSuffix"=""
    "Pulse"="P"
    "Tone"="T"
    "CallSetupFailTimer"="S7=<#>"
    .
    Completion time: 2009-08-10 23:05
    ComboFix-quarantined-files.txt 2009-08-10 21:05
    ComboFix2.txt 2009-08-10 20:46

    Pre-Run: 78 511 185 920 octets libres
    Post-Run: 78 468 538 368 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    493 --- E O F --- 2009-08-07 13:27
    0
  12. phk30 Messages postés 1066 Statut Membre 75
     
    bonsoir est ce que j'ouvre une autre aide sur le forum svp merci à bientot
    0