PC infected with HTML/infected.Webpage.Gen

phk30 Posts: 1066 Status: Member
Hello, I have 2 AntiVir windows that open and keep coming back in a loop with viruses: "TR/killProc.AK and HTML/infected.Webpage.Gen". It is impossible to delete them, and BitDefender won't start. I also have a window that launches an automatic antivirus without being asked when Internet Explorer is opened. Thanks for your help, see you soon.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:12, on 10/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Galdeano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58UA7IMA\HiJackThis[1].exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [winupdate.exe] C:\Windows\system32\winupdate.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Bodybits] "C:\ProgramData\listthirdthird.uockq"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Manager Delete 4.ml9fg73"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\credssp32.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9abf7f7465800) (gupdate1c9abf7f7465800) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
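To make the helper's reading of this log reproducible, here is an added Python example (written for this page, not part of the thread and not HijackThis' own code) that parses HijackThis log lines and flags the entry types that turned out to be the infection here: the O20 AppInit_DLLs entry, O4 Run entries pointing at files in the ProgramData root with random extensions, an autorun named winupdate.exe, and BHOs with no backing file. The triage rules and the embedded sample log (a constructed excerpt of the report above) are my assumptions, not output of any tool.

```python
"""Offline triage of HijackThis 2.0 log lines (added example, constructed sample)."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed excerpt of the HijackThis report posted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKLM\\..\\Run: [winupdate.exe] C:\\Windows\\system32\\winupdate.exe
O4 - HKCU\\..\\Run: [Bodybits] "C:\\ProgramData\\listthirdthird.uockq"
O4 - HKCU\\..\\Run: [ANTI LITE TITLE DEBUG] "C:\\ProgramData\\Manager Delete 4.ml9fg73"
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O20 - AppInit_DLLs: C:\\Windows\\System32\\credssp32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Extensions Windows actually executes from a Run key; anything else sitting
# directly under ProgramData (the Lop/Swizzor files here used .uockq, .ml9fg73)
# deserves a look. This set is an assumption of the example.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


@dataclass
class Entry:
    kind: str                      # HijackThis section, e.g. "O4"
    body: str                      # text after "O4 - "
    target: str = ""               # file path the entry points at, if any
    flags: list = field(default_factory=list)


def _strip_switches(cmd: str) -> str:
    """Return the program path from a Run value, dropping ' /min', ' -tray' etc."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def parse_line(line: str):
    """Parse one log line into an Entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind, body)
    if kind == "O4":
        m4 = re.match(r".*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", body)
        if m4:
            e.target = _strip_switches(m4.group("cmd"))
    elif kind in ("O2", "O3", "O23"):
        e.target = body.rsplit(" - ", 1)[-1].strip()   # last " - " field is the file
    elif kind == "O20":
        e.target = body.split(":", 1)[-1].strip()      # "AppInit_DLLs: <path>"
    return e


def triage(entry: Entry) -> Entry:
    """Attach defender-side flags; the heuristics are this example's own."""
    t = entry.target
    if entry.kind == "O20" and entry.body.startswith("AppInit_DLLs") and t:
        entry.flags.append("AppInit_DLLs set: loaded into every process that loads user32.dll")
    if entry.kind in ("O2", "O3") and t.lower() == "(no file)":
        entry.flags.append("orphaned BHO/toolbar entry (no backing file)")
    if entry.kind == "O4" and t:
        path = PureWindowsPath(t)
        parts = [p.lower() for p in path.parts]
        if len(parts) == 3 and parts[1] == "programdata" and path.suffix.lower() not in EXEC_EXTS:
            entry.flags.append("autorun in ProgramData root with non-executable extension")
        if path.name.lower() == "winupdate.exe":
            entry.flags.append("autorun named like Windows Update; real WU runs as the wuauserv service, not from a Run key")
    return entry


def triage_log(text: str) -> list:
    """Parse every line and return only the entries that picked up a flag."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e and triage(e).flags:
            out.append(e)
    return out


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind}: {e.target}")
        for f in e.flags:
            print(f"    -> {f}")
```

On the sample it flags exactly the five entries that the MBAM scan later in the thread removed or that the helper's tools cleaned, and leaves the Avira and Google entries alone.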
11 replies

anthony5151 Posts: 10927 Status: Security contributor 790
 
OK. Restart your computer, then move on to the next step:

/!\ For anyone reading this thread /!\
The following software is not to be used lightly and can do damage if misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Right-click ComboFix.exe and click "Run as administrator".
• It will ask you to install the Recovery Console: accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

1
anthony5151 Posts: 10927 Status: Security contributor 790
 
Hello,

This report shows several infections; we'll treat them all one by one.

First of all there is a Lop/Swizzor infection, which gets installed notably via the following programs, as the price of their so-called "free" status:

• The Messenger Plus! sponsor
• BitDownload
• BitGrabber
• BitRoll
• NetPumper
• TorrentQ
• Torrent101

To remove this infection, you need to use the program Lop S&D.

• Download Lop S&D (created by eric 71) to your Desktop
• Double-click it to start the installation
• Right-click the Lop S&D shortcut on your Desktop, then choose "Run as administrator".
• Select the desired language, then choose option 2 (Removal)
• Wait until the scan finishes
• Post the generated report (C:\lopR.txt)

Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php

0
phk30 Posts: 1066 Status: Member 75
 
Good evening and thanks for the quick reply. It's in progress; I'm replying from my other PC. First a question: will this disinfect both user sessions? Thanks, see you soon.
0
phk30 Posts: 1066 Status: Member 75
 
Here is the report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) SI-40 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Galdeano ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:223 Go (Free:73 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 10/08/2009|21:13 )

[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Okay meta anti lite\Trans Title.dat
Supprime! - C:\ProgramData\Okay meta anti lite\wait program.dat
Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@adserver5[1].txt
Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@www.adserver5[2].txt
Supprime! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@advertising[1].txt
Supprime! - C:\ProgramData\listthirdthird.kb2sj
Supprime! - C:\ProgramData\listthirdthird.r6kom
Supprime! - C:\ProgramData\listthirdthird.uockq
Supprime! - C:\ProgramData\listthirdthird.xrbfea
Supprime! - C:\ProgramData\Bat first rule.kuv5gl2
Supprime! - C:\ProgramData\listthirdthird.hmxde5g
Supprime! - C:\ProgramData\Okay meta anti lite
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\PROGRA~2\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[21/02/2009|18:32] C:\Users\Galdeano\AppData\Local\Adobe
[07/12/2008|18:07] C:\Users\Galdeano\AppData\Local\AOL
[03/03/2009|18:27] C:\Users\Galdeano\AppData\Local\Apple
[11/04/2009|15:27] C:\Users\Galdeano\AppData\Local\Apple Computer
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Application Data
[19/04/2009|10:41] C:\Users\Galdeano\AppData\Local\Ares
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\AtStart.txt
[14/07/2009|13:16] C:\Users\Galdeano\AppData\Local\d3d9caps.dat
[09/07/2009|18:54] C:\Users\Galdeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\DSwitch.txt
[10/08/2009|18:39] C:\Users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\Galdeano\AppData\Local\gnc.exe
[09/08/2009|00:58] C:\Users\Galdeano\AppData\Local\Google
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Historique
[13/06/2009|18:19] C:\Users\Galdeano\AppData\Local\Microsoft
[11/12/2008|22:34] C:\Users\Galdeano\AppData\Local\Microsoft Games
[18/06/2009|11:56] C:\Users\Galdeano\AppData\Local\Mozilla
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\QSwitch.txt
[20/02/2009|12:25] C:\Users\Galdeano\AppData\Local\QuickPlay
[09/02/2009|18:43] C:\Users\Galdeano\AppData\Local\Shareaza
[10/08/2009|21:13] C:\Users\Galdeano\AppData\Local\Temp
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Temporary Internet Files
[07/12/2008|17:26] C:\Users\Galdeano\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[10/08/2009 20:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
[09/08/2009 19:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
[10/08/2009 20:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
[10/08/2009 12:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
[10/08/2009 20:57][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[10/08/2009 20:07][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[10/08/2009 20:54][--a------] C:\Windows\tasks\Google Software Updater.job
[10/08/2009 21:13][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
[10/08/2009 20:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
[03/08/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - Galdeano.job
[10/08/2009 20:06][--ah-----] C:\Windows\tasks\SA.DAT
[10/08/2009 18:49][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/05/2008|11:32] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[11/04/2009|15:24] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[26/05/2008|11:34] C:\ProgramData\Adobe
[03/08/2009|19:39] C:\ProgramData\airportmania
[26/05/2008|11:46] C:\ProgramData\AOL
[03/03/2009|18:26] C:\ProgramData\Apple
[03/03/2009|18:31] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[07/08/2008|09:26] C:\ProgramData\Atheros
[10/08/2009|11:26] C:\ProgramData\Avira
[30/06/2009|19:15] C:\ProgramData\Azureus
[07/12/2008|16:21] C:\ProgramData\Bureau
[22/03/2009|15:06] C:\ProgramData\CanonBJ
[22/03/2009|17:57] C:\ProgramData\CanonIJ
[22/03/2009|17:57] C:\ProgramData\CanonIJEGV
[22/03/2009|17:54] C:\ProgramData\CanonIJEPPEX
[22/03/2009|17:53] C:\ProgramData\CanonIJMyPrinter
[01/07/2009|12:22] C:\ProgramData\CanonIJPLM
[22/03/2009|17:54] C:\ProgramData\CanonIJSolutionMenu
[19/02/2009|00:56] C:\ProgramData\CyberLink
[27/04/2009|17:49] C:\ProgramData\DAEMON Tools Pro
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[16/02/2009|18:27] C:\ProgramData\eMule
[07/12/2008|16:21] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[03/05/2009|18:24] C:\ProgramData\FirmTools
[04/04/2009|21:12] C:\ProgramData\Google
[10/08/2009|20:54] C:\ProgramData\Google Updater
[07/08/2008|10:02] C:\ProgramData\Hewlett-Packard
[18/06/2009|12:02] C:\ProgramData\Manager Delete 4.ml9fg73
[10/08/2009|03:03] C:\ProgramData\mealblahooze
[07/12/2008|16:21] C:\ProgramData\Menu Démarrer
[18/06/2009|14:55] C:\ProgramData\Messenger Plus!
[09/08/2009|22:59] C:\ProgramData\Microsoft
[24/07/2009|16:26] C:\ProgramData\Microsoft Help
[07/12/2008|16:21] C:\ProgramData\Modèles
[26/05/2008|11:17] C:\ProgramData\muvee Technologies
[10/08/2009|11:57] C:\ProgramData\ntuser.pol
[07/08/2008|10:08] C:\ProgramData\NVIDIA
[10/08/2009|20:07] C:\ProgramData\nvModes.001
[10/08/2009|20:07] C:\ProgramData\nvModes.dat
[19/07/2009|17:21] C:\ProgramData\PC Tools
[13/12/2008|14:01] C:\ProgramData\PlayFirst
[02/11/2006|15:02] C:\ProgramData\Start Menu
[10/08/2009|10:50] C:\ProgramData\Symantec
[24/07/2009|00:22] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[24/12/2008|20:16] C:\ProgramData\WildTangent
[08/02/2009|00:47] C:\ProgramData\WindowsSearch
[03/08/2009|19:12] C:\ProgramData\Zylom

--------------------\\ Listing des dossiers dans C:\Program Files

[26/05/2008|11:32] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[26/05/2008|11:33] C:\Program Files\Adobe
[07/12/2008|16:28] C:\Program Files\AIM6
[05/02/2009|12:38] C:\Program Files\Alwil Software
[26/05/2008|11:46] C:\Program Files\AOL
[03/03/2009|18:27] C:\Program Files\Apple Software Update
[19/04/2009|10:41] C:\Program Files\Ares
[07/08/2008|09:27] C:\Program Files\Atheros
[10/08/2009|11:26] C:\Program Files\Avira
[11/04/2009|15:15] C:\Program Files\Bonjour
[22/03/2009|18:15] C:\Program Files\Canon
[22/03/2009|17:48] C:\Program Files\CanonBJ
[09/08/2009|21:19] C:\Program Files\CCleaner
[10/08/2009|13:29] C:\Program Files\Circle Developeent
[07/08/2008|09:26] C:\Program Files\Cisco
[22/07/2009|22:06] C:\Program Files\CleanUp!
[19/07/2009|17:21] C:\Program Files\Common Files
[23/07/2009|20:53] C:\Program Files\Conduit
[07/08/2008|09:34] C:\Program Files\CONEXANT
[22/04/2009|12:51] C:\Program Files\Creative Labs
[07/08/2008|10:06] C:\Program Files\CyberLink
[27/04/2009|17:53] C:\Program Files\DAEMON Tools Pro
[21/07/2009|00:47] C:\Program Files\Datel
[26/05/2008|11:46] C:\Program Files\EasyBits For Kids
[07/12/2008|16:21] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/05/2009|18:24] C:\Program Files\FirmTools
[23/07/2009|20:49] C:\Program Files\FreeTime
[22/04/2009|19:06] C:\Program Files\GameSpy Arcade
[17/05/2009|20:16] C:\Program Files\Google
[24/02/2009|19:01] C:\Program Files\Guitar Pro 5
[16/04/2009|00:11] C:\Program Files\Hewlett-Packard
[26/05/2008|11:56] C:\Program Files\HP
[26/05/2008|10:41] C:\Program Files\HP Games
[03/05/2009|10:20] C:\Program Files\InstallShield Installation Information
[31/07/2009|03:06] C:\Program Files\Internet Explorer
[01/07/2009|12:10] C:\Program Files\iPod
[01/07/2009|12:11] C:\Program Files\iTunes
[24/07/2009|00:19] C:\Program Files\Java
[09/02/2009|16:27] C:\Program Files\LimeWire
[03/05/2009|10:20] C:\Program Files\LucasArts
[14/07/2009|20:21] C:\Program Files\Messenger Plus! Live
[20/02/2009|01:31] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[21/01/2009|14:05] C:\Program Files\Microsoft Office
[20/02/2009|01:31] C:\Program Files\Microsoft Office Outlook Connector
[31/07/2009|03:08] C:\Program Files\Microsoft Silverlight
[20/02/2009|01:26] C:\Program Files\Microsoft SQL Server Compact Edition
[20/02/2009|01:29] C:\Program Files\Microsoft Sync Framework
[21/01/2009|14:05] C:\Program Files\Microsoft Visual Studio
[12/06/2009|03:09] C:\Program Files\Microsoft Works
[26/05/2008|11:30] C:\Program Files\Microsoft.NET
[26/05/2008|19:38] C:\Program Files\Movie Maker
[10/08/2009|16:23] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[04/02/2009|08:36] C:\Program Files\MSXML 4.0
[26/05/2008|11:17] C:\Program Files\muvee Technologies
[07/08/2008|09:33] C:\Program Files\NetWaiting
[07/12/2008|16:28] C:\Program Files\Online Services
[01/07/2009|12:07] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[01/07/2009|12:16] C:\Program Files\Safari
[11/04/2009|14:59] C:\Program Files\Samsung
[16/04/2009|15:16] C:\Program Files\Shareaza
[23/07/2009|20:54] C:\Program Files\Softonic_France_FF
[22/07/2009|21:03] C:\Program Files\Spyware Doctor
[07/08/2008|09:31] C:\Program Files\Synaptics
[10/08/2009|16:08] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[05/02/2009|18:40] C:\Program Files\VideoLAN
[02/08/2009|21:35] C:\Program Files\Vuze
[26/05/2008|19:38] C:\Program Files\Windows Calendar
[26/05/2008|19:38] C:\Program Files\Windows Collaboration
[26/05/2008|19:38] C:\Program Files\Windows Defender
[26/05/2008|19:38] C:\Program Files\Windows Journal
[20/02/2009|01:30] C:\Program Files\Windows Live
[07/02/2009|22:22] C:\Program Files\Windows Live SkyDrive
[16/07/2009|12:38] C:\Program Files\Windows Mail
[12/03/2009|04:07] C:\Program Files\Windows Media Player
[07/12/2008|16:21] C:\Program Files\Windows NT
[26/05/2008|19:38] C:\Program Files\Windows Photo Gallery
[26/05/2008|19:38] C:\Program Files\Windows Sidebar
[18/07/2009|14:13] C:\Program Files\WinRAR
[01/08/2009|00:28] C:\Program Files\Youtube Downloader HD
[03/08/2009|21:24] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[26/05/2008|11:34] C:\Program Files\Common Files\Adobe
[07/12/2008|16:28] C:\Program Files\Common Files\AOL
[01/07/2009|12:10] C:\Program Files\Common Files\Apple
[22/03/2009|17:52] C:\Program Files\Common Files\CANON
[26/05/2008|11:30] C:\Program Files\Common Files\DESIGNER
[26/05/2008|11:50] C:\Program Files\Common Files\InstallShield
[26/05/2008|11:57] C:\Program Files\Common Files\Java
[07/08/2008|10:03] C:\Program Files\Common Files\LightScribe
[24/07/2009|16:44] C:\Program Files\Common Files\microsoft shared
[26/05/2008|11:17] C:\Program Files\Common Files\muvee Technologies
[19/07/2009|17:24] C:\Program Files\Common Files\PC Tools
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[16/04/2009|14:46] C:\Program Files\Common Files\SWF Studio
[10/08/2009|10:52] C:\Program Files\Common Files\Symantec Shared
[20/02/2009|01:31] C:\Program Files\Common Files\System
[07/02/2009|21:54] C:\Program Files\Common Files\Windows Live

--------------------\\ Process

( 63 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 21:15:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:6][D:5]-> C:\Users\Galdeano\AppData\Local\Temp
[F:1114][D:1]-> C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies
[F:684][D:4]-> C:\Users\Galdeano\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:145][D:8]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 10/08/2009|21:20 - Option : [2]

--------------------\\ Fin du rapport a 21:20:25
[ UAC => 1 ]
0

anthony5151 Posts: 10927 Status: Security contributor 790
 
The infection hasn't been completely eradicated; we'll have to write a removal script. But first, please run this general scan:

• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
• Launch MBAM and let the updates download (otherwise do them manually when the program starts)
• Then go to the "Scanner" tab, check "Perform quick scan" and click "Scan"
• At the end of the scan, click "Show results"
• Check all detected items, then click "Remove selected"
• Save the report
• If you are asked to restart, click Yes
• Please post in your next reply the report that appears after the removal

0
phk30 Posts: 1066 Status: Member 75
 
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2593
Windows 6.0.6001 Service Pack 1

10/08/2009 22:22:06
mbam-log-2009-08-10 (22-22-06).txt

Type de recherche: Examen rapide
Eléments examinés: 94474
Temps écoulé: 4 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\credssp32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\credssp32.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Windows\System32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\winupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\246.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\247.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\248.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\249.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\250.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\251.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\252.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
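The Malwarebytes lines above, and the ComboFix "Reg Loading Points" and "Files Created" sections posted later in this thread, list the settings this kind of infection flips to blind the user: Task Manager and desktop policies, the Security Center "DisableNotify"/"DisableMonitoring" switches, the firewall profile flag, and randomly named scripts of identical size dropped into System32. The script below is an added example written for this thread, not the poster's code and not part of Malwarebytes or ComboFix; it parses both log formats and reports those indicators. The "benign" values in KNOWN_POLICIES are the defaults on a home PC (an assumption: a domain admin may legitimately set some of them), the same-size-script rule is a heuristic, and SAMPLE_LOG is constructed from lines quoted in this thread.

```python
"""Triage of the Malwarebytes and ComboFix listings posted in this thread.

Added example, not the poster's code and not part of Malwarebytes or ComboFix.
Reads MBAM 'Bad: (1) Good: (0)' registry lines, ComboFix '[key]' / "name"=value
blocks and ComboFix 'Files Created' lines, and flags the user-blinding policy
changes and same-size randomly named scripts seen in this infection.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Policy values seen in this thread -> (benign value, why a change matters).
# Documented Windows settings; the benign value is the home-PC default
# (assumption: a domain admin may legitimately set some of them).
KNOWN_POLICIES = {
    "DisableTaskMgr": (0, "Task Manager blocked, user cannot kill the rogue process"),
    "NoActiveDesktopChanges": (0, "desktop locked so the fake-AV wallpaper stays"),
    "NoSetActiveDesktop": (0, "desktop locked so the fake-AV wallpaper stays"),
    "NoChangingWallpaper": (0, "wallpaper change blocked"),
    "UacDisableNotify": (0, "Security Center no longer warns that UAC is off"),
    "InternetSettingsDisableNotify": (0, "no warning about unsafe IE settings"),
    "AutoUpdateDisableNotify": (0, "no warning that Windows Update is off"),
    "DisableMonitoring": (0, "Security Center stops monitoring AV/firewall state"),
    "EnableFirewall": (1, "Windows Firewall disabled for this profile"),
}

# MBAM: <key>\<value> (<category>) -> Bad: (<seen>) Good: (<expected>) -> ...
MBAM_RE = re.compile(r"^(?P<key>HKEY_\S+)\\(?P<name>[^\\\s]+) \([^)]+\) -> Bad: \((?P<bad>\d+)\) Good: \(\d+\)")
# ComboFix "Reg Loading Points": a [key] header, then "name"=dword:hex or "name"= n (0xn)
CF_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-f]{8})|(?P<dec>\d+)(?:\s*\(0x[0-9a-f]+\))?)\s*$', re.I)
# ComboFix "Files Created": created . modified size attrs path (directories show -------- as size)
CF_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>[a-z]:\\.+)$", re.I)
SCRIPT_IN_SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.(vbs|vbe|js|jse|wsf|bat|cmd)$", re.I)


@dataclass(frozen=True)
class Finding:
    source: str    # "mbam" or "combofix"
    where: str     # registry key, or directory for the file heuristic
    name: str      # value name, or the file names involved
    observed: str
    expected: str
    why: str


def triage(lines):
    """Return Findings for a list of log lines; both formats may be mixed freely."""
    findings = []
    current_key = None
    scripts = defaultdict(list)  # (directory, size) -> script file names
    for raw in lines:
        line = raw.strip()
        m = MBAM_RE.match(line)
        if m:
            name = m.group("name")
            if name in KNOWN_POLICIES and int(m.group("bad")) != KNOWN_POLICIES[name][0]:
                expected, why = KNOWN_POLICIES[name]
                findings.append(Finding("mbam", m.group("key"), name, m.group("bad"), str(expected), why))
            continue
        m = CF_KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = CF_VAL_RE.match(line)
        if m and current_key and m.group("name") in KNOWN_POLICIES:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            expected, why = KNOWN_POLICIES[m.group("name")]
            if value != expected:
                findings.append(Finding("combofix", current_key, m.group("name"), str(value), str(expected), why))
            continue
        m = CF_FILE_RE.match(line)
        if m and SCRIPT_IN_SYSTEM32_RE.match(m.group("path")):
            directory, _, fname = m.group("path").rpartition("\\")
            scripts[(directory.lower(), int(m.group("size")))].append(fname)
    # Heuristic: two or more scripts of identical size but different names in
    # System32 is the footprint of one dropper writing randomly named copies.
    for (directory, size), names in scripts.items():
        if len(set(names)) >= 2:
            findings.append(Finding("combofix", directory, ", ".join(sorted(set(names))),
                                    f"{len(names)} scripts of {size} bytes", "none",
                                    "same-size randomly named scripts dropped in System32"))
    return findings


# Constructed sample: lines copied from the MBAM and ComboFix reports in this thread.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
""".strip().splitlines()


def report(findings):
    """One printable line per finding, in the order they were found."""
    return [f"[{f.source}] {f.where}\\{f.name}: {f.observed} (expected {f.expected}); {f.why}" for f in findings]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a saved ComboFix or MBAM report with `triage(open("report.txt", encoding="cp1252").readlines())`. Note that `FilterAdministratorToken = 1` is deliberately not flagged: it turns Admin Approval Mode on for the built-in Administrator, which is a hardening, not an infection symptom. After a cleaner has removed the policy values, the Security Center and firewall entries in the ComboFix section should come back as absent or at their benign values on a rescan; if they reappear, something is still running and re-setting them.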
phk30 (1066 posts, Member)
 
I can no longer open Internet Explorer or Mozilla; a window says "Illegal operation attempted on a registry key that has been marked for deletion" for C:\programfiles\internet exploreriexplore.exe. Thanks.
phk30 (1066 posts, Member)
 
This is after the ComboFix scan, of course.
anthony5151 (10927 posts, Security contributor)
 
Does the problem persist after restarting the computer?

Had you properly disabled your protection software before running ComboFix?

Can you post the ComboFix report so I can try to work out what is causing this problem?

phk30 (1066 posts, Member)
 
That scared me. Here is the report, with everything disabled:

ComboFix 09-08-10.01 - Galdeano 10/08/2009 22:54.2.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1742 [GMT 2:00]
Running from: c:\users\Galdeano\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Galdeano\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\programdata\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 19:12 . 2009-08-10 19:20 -------- d-----w- C:\Lop SD
2009-08-10 09:29 . 2009-08-10 09:28 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-10 09:29 . 2009-08-10 09:28 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-10 09:29 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-10 09:29 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-10 09:29 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-10 09:29 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-10 09:29 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-10 09:26 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 09:26 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\programdata\Avira
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\program files\Avira
2009-08-10 09:04 . 2009-08-10 09:04 23 --sha-w- c:\windows\system32\edacded0.dat
2009-08-09 23:56 . 2009-08-10 14:08 266012242 ----a-w- C:\Sauv.reg
2009-08-09 19:47 . 2009-08-09 19:47 -------- d-----w- C:\UAC
2009-08-09 19:42 . 2009-08-10 14:08 -------- d-----w- c:\program files\Trend Micro
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\program files\CCleaner
2009-08-03 17:15 . 2009-08-03 17:15 4096 ----a-w- c:\windows\d3dx.dat
2009-08-03 17:15 . 2009-08-03 17:39 -------- d-----w- c:\programdata\airportmania
2009-08-03 17:15 . 2009-08-03 17:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Zylom
2009-08-03 17:12 . 2009-08-03 17:12 -------- d-----w- c:\programdata\Zylom
2009-08-03 17:12 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-08-03 17:12 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-08-03 17:12 . 2009-08-03 19:24 -------- d-----w- c:\program files\Zylom Games
2009-07-24 14:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-24 14:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-24 14:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-24 14:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-24 14:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-24 14:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-24 14:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-24 14:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-24 14:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-24 14:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-23 22:50 . 2008-06-05 16:18 5737 ----a-w- c:\users\Galdeano\AppData\Local\gnc.exe
2009-07-23 22:20 . 2009-07-23 22:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 22:11 . 2009-08-09 15:52 521 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-07-23 20:55 . 2009-08-10 15:28 -------- d-----w- c:\windows\BDOSCAN8
2009-07-23 18:53 . 2009-07-23 18:53 -------- d-----w- c:\program files\Conduit
2009-07-23 18:53 . 2009-07-23 18:54 -------- d-----w- c:\program files\Softonic_France_FF
2009-07-23 18:53 . 2009-07-16 12:05 52224 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\FFExternalAlert.dll
2009-07-23 18:53 . 2009-07-16 12:05 114688 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\npmozax.dll
2009-07-23 18:50 . 2009-07-23 18:50 -------- d-----w- c:\users\Chris\AppData\Roaming\Desktopicon
2009-07-23 18:49 . 2009-07-23 18:49 -------- d-----w- c:\program files\FreeTime
2009-07-23 15:32 . 2009-07-23 15:39 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
2009-07-22 20:06 . 2009-07-22 20:06 -------- d-----w- c:\program files\CleanUp!
2009-07-20 22:47 . 2009-07-20 22:47 -------- d-----w- c:\program files\Datel
2009-07-19 15:22 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-19 15:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-19 15:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-19 15:21 . 2009-07-19 15:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-19 15:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-19 15:21 . 2009-07-22 19:03 -------- d-----w- c:\program files\Spyware Doctor
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Tools
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\programdata\PC Tools
2009-07-18 17:19 . 2009-07-18 17:19 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
2009-07-18 17:09 . 2009-07-18 17:09 -------- d-----w- c:\users\Chris\AppData\Roaming\WildTangent
2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
2009-07-16 22:06 . 2009-07-16 22:06 1372 ----a-w- c:\windows\system32\ZgNYNSPsBPgWW.vbs
2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:48 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:48 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:48 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:09 . 2009-07-15 11:09 1372 ----a-w- c:\windows\system32\DJ2IxfI.vbs
2009-07-12 13:35 . 2009-07-12 13:58 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:24 . 2008-08-07 08:02 71324 ----a-w- c:\programdata\nvModes.dat
2009-08-10 18:54 . 2009-03-23 20:42 -------- d-----w- c:\programdata\Google Updater
2009-08-10 16:39 . 2008-12-07 14:43 75200 ----a-w- c:\users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 11:29 . 2009-06-18 09:59 -------- d-----w- c:\program files\Circle Developeent
2009-08-10 08:52 . 2008-05-26 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 08:50 . 2008-05-26 08:05 -------- d-----w- c:\programdata\Symantec
2009-08-10 01:03 . 2009-06-18 10:00 -------- d-----w- c:\programdata\mealblahooze
2009-08-09 19:36 . 2009-07-07 17:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Azureus
2009-08-09 18:56 . 2009-03-15 10:24 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2009-08-09 18:24 . 2008-05-26 17:35 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 18:24 . 2008-05-26 17:35 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-02 19:35 . 2009-06-30 17:14 -------- d-----w- c:\program files\Vuze
2009-07-31 22:28 . 2009-05-03 16:17 -------- d-----w- c:\program files\Youtube Downloader HD
2009-07-31 01:08 . 2009-02-19 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:03 . 2009-02-09 12:38 75664 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-24 14:26 . 2008-05-26 09:28 -------- d-----w- c:\programdata\Microsoft Help
2009-07-23 22:19 . 2008-05-26 09:57 -------- d-----w- c:\program files\Java
2009-07-22 20:08 . 2009-02-09 14:28 -------- d-----w- c:\users\Galdeano\AppData\Roaming\LimeWire
2009-07-22 20:08 . 2009-06-30 17:14 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Azureus
2009-07-21 21:52 . 2009-07-30 22:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 22:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 22:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 22:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 10:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 18:21 . 2009-06-18 09:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 11:16 . 2009-06-14 18:06 680 ----a-w- c:\users\Galdeano\AppData\Local\d3d9caps.dat
2009-07-09 20:30 . 2009-07-09 20:30 1878984 ----a-w- c:\users\Galdeano\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-01 10:22 . 2009-03-22 15:53 -------- d-----w- c:\programdata\CanonIJPLM
2009-07-01 10:16 . 2009-04-11 13:17 -------- d-----w- c:\program files\Safari
2009-07-01 10:11 . 2009-07-01 10:10 -------- d-----w- c:\program files\iTunes
2009-07-01 10:10 . 2009-07-01 10:10 -------- d-----w- c:\program files\iPod
2009-07-01 10:10 . 2009-03-03 16:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-01 10:07 . 2009-07-01 10:06 -------- d-----w- c:\program files\QuickTime
2009-07-01 09:56 . 2009-07-01 09:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-30 17:15 . 2009-06-30 17:15 -------- d-----w- c:\programdata\Azureus
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-18 09:56 . 2009-06-18 09:56 0 ----a-w- c:\windows\nsreg.dat
2009-06-16 13:04 . 2009-06-16 13:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-15 08:30 . 2009-06-15 08:30 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA78E.tmp.exe
2009-06-12 01:09 . 2008-05-26 09:05 -------- d-----w- c:\program files\Microsoft Works
2009-03-31 20:47 . 2009-06-18 09:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Galdeano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Galdeano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{63FC0E32-44A3-4668-9819-DA27EB62692A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1E6979A3-3BDF-4DD7-B94B-EC7DE0004C4A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{759D2343-1D58-47DE-ADB8-46C43FA825E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31BF0BE5-F768-4AD3-818A-204C2F878DC1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F7EDD56-E6C2-4F9D-9CC7-445678D6E318}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3351A1A5-4720-42F5-A517-A6597EEABCB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1C200367-AC15-4425-8497-434A015A20C8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19D1BD83-6606-4155-89BE-3F430C5DF4A9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0CFE5DE5-8944-48DF-84E9-813D448CBDE7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F3D8FB44-2BCA-4B29-B88F-8040E5F0520B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7DA5AC63-2CF2-4F26-AC8E-18D38077CAF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB36B454-B273-4206-AD5A-F6A093FFBA78}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{212856A8-99EF-4DE3-A7F2-610CC590D9D5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9CC6250B-416D-490B-B15C-30835FF153F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B06DA3C-A5E2-4EEA-B542-1BB8DA8AF7F6}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{9A3DFADF-ED25-4DFB-A142-5C597C6DC36A}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{8A013790-CE75-4360-AB83-8E300BA8FD33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AB8E3F88-8B7F-4D59-84AB-DB67CFA6DF50}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/07/2009 17:21 130936]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2009 11:26 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/05/2008 11:52 361808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 14:39 42528]
S2 gupdate1c9abf7f7465800;Service Google Update (gupdate1c9abf7f7465800);c:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 22:42 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/05/2008 10:32 193840]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20/02/2009 01:30 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/07/2009 17:21 348752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:41]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Galdeano\AppData\Roaming\Mozilla\Firefox\Profiles\eymq5rs6.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 23:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000000715A326BE0EBC629D0 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]
@DACL=(02 0000)
"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]
@DACL=(02 0000)
"FLAG"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]
@DACL=(02 0000)
"EnableKmixer"=hex:01,00,00,00
"KMixerDataInitialDelay"=hex:0d,00,00,00
"KMixerSpkpInitialDelay"=hex:0c,00,00,00
"MaxSampleValue"=hex:e8,03,00,00
"UnMuteTimerDuration"=hex:d0,07,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]
@DACL=(02 0000)
"1"="at+vcid=1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\OEM]
@DACL=(02 0000)
"SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,
77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05
"AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,
00,00
"TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,
2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,\
"CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,
00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,\
"V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,\
"FLAGS"=hex:02,07,00,08,08,00,00,00
"SPKR_MUTE_DELAY"=hex:2c,01
"OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00
"AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
"VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00
"CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00
"PROPERTIES"=hex:ff,ff,ff,ff
"MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"CSA_FLAGS"=hex:00,00,00,00
"DAAType"=hex:01
"SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,
00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,\
"SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,\
"SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,\
"DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,
00,08,00,00,00,04,00,00,00,00,00,00,00
"HwData"=hex:00,10,00,30,01,80,10,00
"DLG_PARAMS"=hex:01,00,00,00,00
"HANDSET_PARAMS"=hex:00,00,ff,ff,ff
"WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff
"DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00
"CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00
"CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00
"FAX_PRE_LOAD_DELAY"=hex:08,00,00,00
"CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a
"SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,
00,00,30,75,b8,0b
"JCID_RING"=hex:32,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]
@DACL=(02 0000)
"Current"=hex:ff,00
"Previous"=hex:ff,00
"COPY_CTY"=hex:00,00,00,00
"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,
ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]
@DACL=(02 0000)
"Type"=hex:00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=";"
"SpeakerVolume_Low"="L1"
"SpeakerVolume_Med"="L2"
"SpeakerVolume_High"="L3"
"SpeakerMode_Off"="M0"
"SpeakerMode_Dial"="M1"
"SpeakerMode_On"="M2"
"SpeakerMode_Setup"="M3"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Soft"="+IFC=1,1;"
"Pulse"="P"
"Tone"="T"
"Blind_Off"="X4"
"Blind_On"="X3"
"CallSetupFailTimer"="S7=<#>"
"ErrorControl_On"="+ES=3,0,2;"
"ErrorControl_Off"="+ES=1,0,1;"
"ErrorControl_Forced"="+ES=3,2,4;"
"Compression_On"="+DS=3;+DS44=3;"
"Compression_Off"="+DS=0;+DS44=0;"
"InactivityTimeout"="S30=<#>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]
@DACL=(02 0000)
"QC_CONF"=hex:01,01,01,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax]
@DACL=(02 0000)
"CL1FCS"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&F<cr>"
"3"="ATV1E0S0=0&D2&C1<cr>"
"4"="AT+CMEE=1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
@DACL=(02 0000)
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Soft"="+IFC=1,1;"
"CompatibilityFlags"=hex:01,00,00,00
"CallSetupFailTimer"="S7=<#>"
"DialPrefix"="D"
"DialSuffix"=";"
"Prefix"="AT"
"Terminator"="<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Fax]
@DACL=(02 0000)
"CL1FCS"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Hangup]
@DACL=(02 0000)
"1"="ATHE1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="ATE0V1&D2&C1S0=0<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=""
"Pulse"="P"
"Tone"="T"
"CallSetupFailTimer"="S7=<#>"
.
Completion time: 2009-08-10 23:05
ComboFix-quarantined-files.txt 2009-08-10 21:05
ComboFix2.txt 2009-08-10 20:46

Pre-Run: 78 511 185 920 bytes free
Post-Run: 78 468 538 368 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
493 --- E O F --- 2009-08-07 13:27
phk30 Posts: 1066 Status: Member 75
 
Good evening, should I open another help request on the forum please? Thanks, see you soon.