HijackThis scan report, please help me
bibouille4513
Hello,
I'm taking the liberty of posting on this forum because I have a small problem... every time my PC starts up, Avast detects a trojan... I downloaded HijackThis but I can't make sense of the report (too complex for me).
I would like a little help to get rid of this virus....
Here is the report I get:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:38, on 17/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=14656&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSPService] "C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
92 replies
Here is the report after step 2:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
BIOS : Ver 1.00PARTTBL
USER : guillaume ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081228-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:40 Go)
D:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:232 Go (Free:101 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 18/08/2009|10:38 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies\guillaume@advertstream[2].txt
Supprime! - C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies\guillaume@d2.advertserve[1].txt
Supprime! - C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies\guillaume@advertising[2].txt
Supprime! - C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies\guillaume@bigpoint[1].txt
Supprime! - C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies\guillaume@fr.deepolis.bigpoint[2].txt
Supprime! - C:\ProgramData\thunk eq eq.1ewh8
Supprime! - C:\ProgramData\thunk eq eq.3n91f
Supprime! - C:\ProgramData\thunk eq eq.awh9l
Supprime! - C:\ProgramData\thunk eq eq.bg1x3
Supprime! - C:\ProgramData\thunk eq eq.m9oyc
Supprime! - C:\ProgramData\thunk eq eq.tt1pw
Supprime! - C:\ProgramData\thunk eq eq.1o6twk
Supprime! - C:\ProgramData\thunk eq eq.hkagi7
Supprime! - C:\ProgramData\thunk eq eq.i6c7cd
Supprime! - C:\ProgramData\thunk eq eq.ntuccd
Supprime! - C:\ProgramData\thunk eq eq.2fz9j4o
Supprime! - C:\ProgramData\thunk eq eq.4z3bw46
Supprime! - C:\ProgramData\thunk eq eq.599kgce
Supprime! - C:\ProgramData\thunk eq eq.8lzu031
Supprime! - C:\ProgramData\thunk eq eq.u5b9t65
Supprime! - C:\ProgramData\Each New Axis Love
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[11/12/2007|22:57] C:\Users\GUILLA~1\AppData\Local\Adobe
[26/03/2008|19:57] C:\Users\GUILLA~1\AppData\Local\Ahead
[30/12/2007|20:37] C:\Users\GUILLA~1\AppData\Local\AOL
[09/12/2007|23:27] C:\Users\GUILLA~1\AppData\Local\Apple
[05/08/2008|12:20] C:\Users\GUILLA~1\AppData\Local\Apple Computer
[06/12/2007|18:17] C:\Users\GUILLA~1\AppData\Local\Application Data
[05/05/2008|10:17] C:\Users\GUILLA~1\AppData\Local\ApplicationHistory
[12/12/2007|01:02] C:\Users\GUILLA~1\AppData\Local\Apps
[07/12/2007|19:44] C:\Users\GUILLA~1\AppData\Local\CyberLink
[17/08/2009|01:18] C:\Users\GUILLA~1\AppData\Local\d3d9caps.dat
[17/08/2009|16:44] C:\Users\GUILLA~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[02/02/2009|16:31] C:\Users\GUILLA~1\AppData\Local\desktop.ini
[03/03/2008|22:15] C:\Users\GUILLA~1\AppData\Local\Downloaded Installations
[30/12/2007|17:43] C:\Users\GUILLA~1\AppData\Local\eMule
[06/12/2007|18:30] C:\Users\GUILLA~1\AppData\Local\fusioncache.dat
[16/08/2009|11:45] C:\Users\GUILLA~1\AppData\Local\GDIPFONTCACHEV1.DAT
[09/12/2007|21:29] C:\Users\GUILLA~1\AppData\Local\Google
[06/12/2007|18:17] C:\Users\GUILLA~1\AppData\Local\Historique
[17/08/2009|17:35] C:\Users\GUILLA~1\AppData\Local\IconCache.db
[11/12/2007|20:31] C:\Users\GUILLA~1\AppData\Local\MagicSports
[17/08/2009|17:12] C:\Users\GUILLA~1\AppData\Local\Microsoft
[08/12/2007|22:12] C:\Users\GUILLA~1\AppData\Local\Microsoft Games
[06/05/2008|20:45] C:\Users\GUILLA~1\AppData\Local\Microsoft Help
[14/05/2008|16:48] C:\Users\GUILLA~1\AppData\Local\MicroVision Applications
[06/12/2007|18:33] C:\Users\GUILLA~1\AppData\Local\Mozilla
[12/12/2007|01:18] C:\Users\GUILLA~1\AppData\Local\Packard Bell
[07/12/2007|19:43] C:\Users\GUILLA~1\AppData\Local\PowerCinema
[06/05/2008|20:03] C:\Users\GUILLA~1\AppData\Local\Seven Zip
[18/08/2009|10:38] C:\Users\GUILLA~1\AppData\Local\Temp
[06/12/2007|18:17] C:\Users\GUILLA~1\AppData\Local\Temporary Internet Files
[31/12/2007|20:00] C:\Users\GUILLA~1\AppData\Local\toaster
[17/08/2009|09:58] C:\Users\GUILLA~1\AppData\Local\uwuca.bat
[31/12/2007|13:14] C:\Users\GUILLA~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[18/08/2009 10:19][--a------] C:\Windows\tasks\GlaryInitialize.job
[18/08/2009 10:21][--a------] C:\Windows\tasks\Google Software Updater.job
[18/08/2009 10:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{78491DC8-4A2E-45E1-8258-5A29BF8BE11C}.job
[18/08/2009 10:30][--a------] C:\Windows\tasks\Extension de garantie.job
[18/08/2009 10:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[18/08/2009 10:18][--ah-----] C:\Windows\tasks\SA.DAT
[17/08/2009 17:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[29/12/2008|00:41] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/02/2008|18:38] C:\ProgramData\Adobe
[03/04/2008|22:02] C:\ProgramData\AOL
[30/12/2007|20:37] C:\ProgramData\AOL Downloads
[09/12/2007|23:26] C:\ProgramData\Apple
[18/12/2007|00:45] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[03/03/2008|23:11] C:\ProgramData\AVS4YOU
[18/01/2008|15:17] C:\ProgramData\Bluetooth
[06/12/2007|18:16] C:\ProgramData\Bureau
[23/01/2008|13:31] C:\ProgramData\CanonBJ
[09/12/2007|22:12] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[30/12/2007|17:43] C:\ProgramData\eMule
[06/12/2007|18:16] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[09/02/2008|11:11] C:\ProgramData\GoBit Games
[15/08/2007|22:13] C:\ProgramData\Google
[18/08/2009|10:21] C:\ProgramData\Google Updater
[15/08/2007|22:12] C:\ProgramData\InstallShield
[03/04/2008|19:31] C:\ProgramData\LUUnInstall.LiveUpdate
[14/05/2008|11:35] C:\ProgramData\MAGIX
[17/08/2009|10:21] C:\ProgramData\Malwarebytes
[06/12/2007|18:16] C:\ProgramData\Menu Démarrer
[14/01/2008|21:38] C:\ProgramData\Messenger Plus!
[27/04/2009|15:12] C:\ProgramData\MGS
[17/08/2009|00:56] C:\ProgramData\Microsoft
[16/08/2009|02:48] C:\ProgramData\Microsoft Help
[06/12/2007|18:16] C:\ProgramData\Modèles
[09/12/2007|21:35] C:\ProgramData\Mozilla
[03/03/2008|23:25] C:\ProgramData\NCH Software
[27/03/2008|15:48] C:\ProgramData\Nero
[17/08/2009|17:34] C:\ProgramData\ntuser.pol
[16/08/2008|19:06] C:\ProgramData\Nurb mix bin
[01/08/2009|23:59] C:\ProgramData\Roxio
[03/04/2008|22:10] C:\ProgramData\Skype
[13/04/2008|15:41] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[03/04/2008|19:36] C:\ProgramData\Symantec
[29/12/2008|13:50] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[14/05/2008|15:03] C:\ProgramData\vsosdk
[24/08/2008|16:54] C:\ProgramData\Windows Genuine Advantage
[28/02/2008|20:32] C:\ProgramData\WLInstaller
[07/12/2007|11:27] C:\ProgramData\Xerox
[03/03/2008|22:18] C:\ProgramData\ywasvxup.hvs
--------------------\\ Listing des dossiers dans C:\Program Files
[30/06/2008|19:00] C:\Program Files\Adobe
[17/08/2009|15:28] C:\Program Files\Ad-remover
[21/05/2008|20:48] C:\Program Files\adslTV
[18/12/2007|18:09] C:\Program Files\AIM6
[14/05/2008|11:49] C:\Program Files\AIST
[09/03/2008|18:33] C:\Program Files\Alwil Software
[03/04/2008|22:01] C:\Program Files\AOL
[23/04/2008|13:22] C:\Program Files\Apple Software Update
[17/08/2009|17:28] C:\Program Files\AskBarDis
[19/09/2008|21:51] C:\Program Files\ATP
[20/03/2009|14:24] C:\Program Files\AVS4YOU
[05/02/2009|15:21] C:\Program Files\Bettalog
[12/09/2008|21:33] C:\Program Files\Bonjour
[16/02/2008|16:58] C:\Program Files\Camera Assistant Software Lite
[26/04/2008|15:34] C:\Program Files\CCleaner
[16/08/2009|21:58] C:\Program Files\Combined Community Codec Pack
[17/06/2009|11:41] C:\Program Files\Common Files
[15/08/2007|21:50] C:\Program Files\CONEXANT
[29/04/2009|15:31] C:\Program Files\CPUID
[15/08/2007|22:14] C:\Program Files\CyberLink
[15/08/2007|21:51] C:\Program Files\DIFX
[27/03/2008|15:34] C:\Program Files\DNA
[30/01/2008|18:54] C:\Program Files\Electronic Arts
[30/12/2007|17:43] C:\Program Files\eMule
[06/12/2007|18:16] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[21/02/2008|13:37] C:\Program Files\Gamenext
[17/08/2009|17:28] C:\Program Files\Glary Utilities
[21/02/2008|13:43] C:\Program Files\Google
[15/08/2007|22:05] C:\Program Files\HDReg
[29/04/2009|13:59] C:\Program Files\InstallShield Installation Information
[15/08/2007|21:52] C:\Program Files\Intel
[17/08/2009|01:48] C:\Program Files\Internet Explorer
[29/12/2008|00:41] C:\Program Files\iPod
[29/12/2008|00:41] C:\Program Files\iTunes
[29/04/2009|13:58] C:\Program Files\Java
[14/05/2008|11:35] C:\Program Files\MAGIX
[17/08/2009|10:21] C:\Program Files\Malwarebytes' Anti-Malware
[15/08/2007|21:55] C:\Program Files\Marvell
[09/06/2009|18:49] C:\Program Files\Messenger Plus! Live
[13/04/2009|11:27] C:\Program Files\Microsoft
[10/12/2007|18:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[06/05/2008|20:48] C:\Program Files\Microsoft Office
[01/08/2009|20:37] C:\Program Files\Microsoft Silverlight
[06/05/2008|20:48] C:\Program Files\Microsoft Visual Studio
[10/06/2009|15:03] C:\Program Files\Microsoft Works
[06/05/2008|20:47] C:\Program Files\Microsoft.NET
[31/10/2008|12:38] C:\Program Files\Movie Maker
[17/08/2009|15:42] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[11/12/2007|18:35] C:\Program Files\MSXML 4.0
[17/08/2009|17:12] C:\Program Files\Navilog1
[14/05/2008|13:09] C:\Program Files\NCH Software
[12/06/2008|10:25] C:\Program Files\Orange
[24/12/2007|12:18] C:\Program Files\Packard Bell
[05/10/2008|11:54] C:\Program Files\Picasa2
[07/06/2008|12:07] C:\Program Files\PIXELA
[31/12/2008|17:40] C:\Program Files\QuickTime
[22/05/2008|10:17] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[02/02/2009|16:31] C:\Program Files\Roxio
[07/06/2008|12:07] C:\Program Files\Sony Corporation
[14/05/2008|11:26] C:\Program Files\Sony Setup
[21/07/2008|11:48] C:\Program Files\Sun
[03/04/2008|19:31] C:\Program Files\Symantec
[17/08/2009|10:35] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[31/03/2008|11:31] C:\Program Files\uTorrent
[16/12/2007|19:34] C:\Program Files\VideoLAN
[28/12/2007|02:22] C:\Program Files\Webteh
[31/10/2008|12:38] C:\Program Files\Windows Calendar
[31/10/2008|12:38] C:\Program Files\Windows Collaboration
[31/10/2008|12:38] C:\Program Files\Windows Defender
[31/10/2008|12:38] C:\Program Files\Windows Journal
[13/04/2009|11:27] C:\Program Files\Windows Live
[13/04/2009|11:27] C:\Program Files\Windows Live SkyDrive
[11/12/2007|22:10] C:\Program Files\Windows Live Toolbar
[13/08/2009|17:22] C:\Program Files\Windows Mail
[13/08/2009|17:23] C:\Program Files\Windows Media Player
[06/12/2007|18:16] C:\Program Files\Windows NT
[31/10/2008|12:38] C:\Program Files\Windows Photo Gallery
[31/10/2008|12:38] C:\Program Files\Windows Sidebar
[08/02/2008|22:20] C:\Program Files\WinRAR
[06/06/2008|09:52] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[12/02/2008|18:39] C:\Program Files\Common Files\Adobe
[04/04/2008|10:36] C:\Program Files\Common Files\AOL
[29/12/2008|00:41] C:\Program Files\Common Files\Apple
[16/02/2009|20:46] C:\Program Files\Common Files\AVSMedia
[06/05/2008|20:48] C:\Program Files\Common Files\DESIGNER
[15/08/2007|22:13] C:\Program Files\Common Files\InstallShield
[14/05/2008|11:35] C:\Program Files\Common Files\MAGIX Shared
[16/08/2009|02:47] C:\Program Files\Common Files\microsoft shared
[27/03/2008|15:48] C:\Program Files\Common Files\Nero
[12/12/2007|00:58] C:\Program Files\Common Files\PX Storage Engine
[22/05/2008|10:18] C:\Program Files\Common Files\Real
[15/08/2007|22:11] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[15/08/2007|22:11] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2007|22:11] C:\Program Files\Common Files\SureThing Shared
[03/04/2008|19:36] C:\Program Files\Common Files\Symantec Shared
[16/08/2009|02:46] C:\Program Files\Common Files\System
[13/04/2009|11:18] C:\Program Files\Common Files\Windows Live
[12/12/2007|00:03] C:\Program Files\Common Files\WindowsLiveInstaller
[22/05/2008|10:18] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 61 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 10:38:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure
[F:17][D:10]-> C:\Users\GUILLA~1\AppData\Local\Temp
[F:295][D:1]-> C:\Users\GUILLA~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2605][D:8]-> C:\Users\GUILLA~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:17][D:8]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 18/08/2009|10:24 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/08/2009|10:40 - Option : [2]
--------------------\\ Fin du rapport a 10:40:36
[ UAC => 1 ]
here is the navilog report:
Fix Navipromo version 4.0.1 commencé le 18/08/2009 10:59:57,23
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
BIOS : Ver 1.00PARTTBL
USER : guillaume ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081228-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:45 Go)
D:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:232 Go (Free:101 Go)
Recherche executée en mode normal
[b]Aucune Infection Navipromo/Egdaccess trouvé/b
*** Scan terminé 18/08/2009 11:13:46,71 ***
download avg antirootkit
http://static.commentcamarche.net/www.commentcamarche.net/download/files/avgarkt-setup-1.1.0.42.exe
and run a scan please
in the meantime
do this for me please
Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.php
- Save it to the desktop
- Double-click SmitfraudFix.exe and choose option 1, then Enter
- A report will be generated; post it in your next reply please.
Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php
here is the report:
SmitFraudFix v2.423
Scan done at 12:42:55,43, 18/08/2009
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\guillaume
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GUILLA~1\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\guillaume\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GUILLA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Google\googletoolbar1.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) Wireless WiFi Link 4965AGN
DNS Server Search Order: 84.103.237.144
DNS Server Search Order: 86.64.145.144
HKLM\SYSTEM\CCS\Services\Tcpip\..\{608BF5F8-C376-4FA5-8C9F-07F90549E5C8}: DhcpNameServer=84.103.237.144 86.64.145.144
HKLM\SYSTEM\CS1\Services\Tcpip\..\{608BF5F8-C376-4FA5-8C9F-07F90549E5C8}: DhcpNameServer=84.103.237.144 86.64.145.144
HKLM\SYSTEM\CS3\Services\Tcpip\..\{608BF5F8-C376-4FA5-8C9F-07F90549E5C8}: DhcpNameServer=84.103.237.144 86.64.145.144
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.144 86.64.145.144
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.144 86.64.145.144
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.144 86.64.145.144
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
OK, after checking with the helpers (thanks jlpjlp),
here is the procedure
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.
Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".
(be careful to include :files)
:processes
explorer.exe
:files
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure
:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Sorry, I wasn't home this afternoon!!
Here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJA0MGB6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2IOK8KY\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3E6B4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GWGA1A3\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJA0MGB6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2IOK8KY\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3E6B4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GWGA1A3\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: guillaume
File delete failed. C:\Users\guillaume\AppData\Local\Temp\~DFC003.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\guillaume\AppData\Local\Temp\~DFC610.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 44036003 bytes
->Temporary Internet Files folder emptied: 95742864 bytes
->Java cache emptied: 16303782 bytes
->FireFox cache emptied: 59644708 bytes
->Apple Safari cache emptied: 32040756 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 236,35 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08182009_213029
Strange?
Let's try one last possibility:
ComboFix
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once it is finished a report will appear. Copy/paste this report in your next reply.
The report can also be found here: C:\Combofix.txt
Disconnect from the internet, close the windows of all running programs, and temporarily
stop the antivirus and other protections during the analysis.
Do not use your PC while the analysis is running.
Once the analysis is finished, turn all your antivirus and antispyware protections back on.
Hello, sorry, but this morning was a lie-in!!
I manage to open ComboFix, I disconnect from the internet and close Avast, but I get this message:
" Were you trying to run CFScript
The name, CFScript appears to be incorrectly. spelt"
I can only click "OK" and that closes ComboFix!
So there it is, I cannot run a scan.
Disable Vista User Account Control.
To do that,
--> open the Vista menu,
--> choose Control Panel,
--> click User Accounts and Family Safety
--> then User Accounts.
Click the entry Turn User Account Control on or off.
--> Click Continue one last time to confirm.
--> Uncheck Use User Account Control (UAC) to help protect your computer,
--> click OK then the Restart Now button.
Then right-click ComboFix and choose Run as administrator.
Here is the report obtained with ComboFix:
ComboFix 09-08-18.01 - guillaume 19/08/2009 13:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1259 [GMT 2:00]
Running from: c:\users\guillaume\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 081228-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 081228-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-260555201-1564067638-1018481237-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\users\guillaume\AppData\Roaming\inst.exe
c:\windows\Cursors\aero_link.cur
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.
2009-08-19 12:02 . 2009-08-19 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-18 19:30 . 2009-08-18 19:30 -------- d-----w- C:\_OTM
2009-08-18 10:42 . 2009-08-18 10:43 -------- d-----w- c:\windows\system32\SmitfraudFix
2009-08-18 09:38 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-08-18 08:20 . 2009-08-18 08:40 -------- d-----w- C:\Lop SD
2009-08-17 15:32 . 2009-08-17 15:32 -------- d-----w- c:\users\guillaume\AppData\Roaming\GlarySoft
2009-08-17 15:28 . 2009-08-17 15:28 -------- d-----w- c:\program files\AskBarDis
2009-08-17 15:28 . 2009-08-17 15:28 -------- d-----w- c:\program files\Glary Utilities
2009-08-17 12:53 . 2009-08-17 13:42 -------- d-----w- C:\ToolBar SD
2009-08-17 12:29 . 2009-08-17 13:28 -------- d-----w- c:\program files\Ad-remover
2009-08-17 10:43 . 2009-08-17 10:43 -------- d-----w- C:\NavmanUpdates
2009-08-17 08:46 . 2009-08-17 08:46 -------- d-----w- c:\windows\BDOSCAN8
2009-08-17 08:35 . 2009-08-17 08:35 -------- d-----w- c:\program files\Trend Micro
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\users\guillaume\AppData\Roaming\Malwarebytes
2009-08-17 08:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\programdata\Malwarebytes
2009-08-17 08:21 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 08:06 . 2009-08-18 09:13 -------- d-----w- c:\program files\Navilog1
2009-08-16 22:32 . 2009-08-19 11:52 -------- d-----w- c:\users\guillaume\Tracing
2009-08-16 00:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-16 00:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-16 00:35 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-16 00:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-16 00:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-16 00:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-16 00:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-16 00:30 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-16 00:30 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-16 00:30 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-16 00:29 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-16 00:29 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-15 21:45 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 21:45 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 21:45 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 21:45 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 21:45 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 21:45 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 21:45 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 21:45 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 15:15 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 15:15 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 15:15 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 15:15 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 15:15 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 15:15 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 15:15 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 15:15 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 09:22 . 2007-12-09 19:33 -------- d-----w- c:\programdata\Google Updater
2009-08-19 07:42 . 2007-12-07 11:09 27715 ----a-w- c:\users\guillaume\AppData\Roaming\nvModes.dat
2009-08-17 09:34 . 2007-12-09 21:29 -------- d-----w- c:\users\guillaume\AppData\Roaming\Apple Computer
2009-08-17 07:58 . 2009-01-23 17:19 92 ----a-w- c:\users\guillaume\AppData\Local\uwuca.bat
2009-08-16 23:18 . 2007-12-10 18:44 1356 ----a-w- c:\users\guillaume\AppData\Local\d3d9caps.dat
2009-08-16 19:58 . 2009-03-22 15:01 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-16 09:45 . 2007-12-06 16:29 99752 ----a-w- c:\users\guillaume\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-16 09:43 . 2007-08-16 05:04 678956 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 09:43 . 2007-08-16 05:04 128004 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 00:48 . 2007-08-15 20:19 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 15:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 21:59 . 2007-08-15 20:11 -------- d-----w- c:\programdata\Roxio
2009-08-01 18:37 . 2008-04-03 20:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 16:06 . 2009-07-31 08:43 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 08:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 08:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 09:46 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-05-01 20:11 . 2008-05-01 20:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-01 15:55 . 2007-12-30 18:45 1667104 --sha-w- c:\windows\System32\drivers\fidbox.dat
2007-08-16 05:10 . 2007-08-16 05:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3179240D-96B3-4706-8097-C4474DA685D5}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"TCP Query User{D000DD11-DA01-421D-9F43-2BE6AC1F2839}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{0EA63880-49DF-4BE6-807F-71E52E8BBAE3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{C210EF78-3560-493F-8B07-DEFA2CAA8B47}c:\\program files\\overnet\\overnet.exe"= UDP:c:\program files\overnet\overnet.exe:Overnet Application
"UDP Query User{DE68FD8D-39C2-46BF-88BF-09C18F8E15B3}c:\\program files\\overnet\\overnet.exe"= TCP:c:\program files\overnet\overnet.exe:Overnet Application
"{D9386D21-387D-47FB-8C7A-B42B6B07B04F}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{A1DE3D53-1AA0-46C7-9918-30525638D173}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{F41378E6-4C8A-41F6-97DC-E6F9841D28A5}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{81402CC7-F9FD-4EDC-9436-E40DCF9BF436}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BF6E478F-B7B6-41AC-A9E2-3B3847A37445}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{08535868-77A2-4C64-BE52-59409484B737}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{E414D3B8-D112-4F94-B6C2-E6DD5604885A}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{C0C1F692-661F-48FC-B6A6-D2F097C93982}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{34251639-40BF-427E-8782-D8399099B5EE}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C171E481-3806-46B0-B32D-F3C2D9743ACF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{13C2370B-81E3-4BF1-997A-B61A86B0F37B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{73577895-AFDA-403C-BEBF-06BBEA891C4F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{73B32804-1EE9-4884-9DC7-E66716D2232E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3EF42F70-B66E-40F2-A20F-248F4FD7AE74}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{798DE71A-72B3-41F5-A428-559159AA0A18}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= UDP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3E16B93F-229C-4D67-A36F-A109EFCC8D52}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= TCP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"TCP Query User{A39870E2-2369-4454-820F-CD398795F9A1}c:\\users\\guillaume\\desktop\\utorrent.exe"= UDP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"UDP Query User{4536FEBE-4050-4C9B-826B-10C4EF7270AA}c:\\users\\guillaume\\desktop\\utorrent.exe"= TCP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"{40FA2DF6-A78F-46C8-AD15-54A90033A4D7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BD8A2A75-8EF0-457C-BCCE-978A9606AA6F}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{0FF44E6A-79B7-4D04-95F6-63DB304F1B8A}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{91A690FA-CA9F-40A3-9717-F8F98204FDB5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5A259E50-FF51-47C8-BAB5-8DBAC9E6CC42}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{E18988F9-2978-45B2-BB68-F1516C00C469}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{07E7DEC6-0B06-4DC5-A792-E1412ADA8BA1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDC51C54-237D-4F67-BA8A-88D9FD72F716}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFB3C2FE-655A-429F-8B43-EC6F26D8EE3C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [09/05/2008 19:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [09/05/2008 19:30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/05/2008 19:29 51792]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [29/04/2009 15:31 12672]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/08/2007 22:12 29744]
S3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [15/08/2007 21:51 46592]
.
Contents of the 'Scheduled Tasks' folder
2009-08-19 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-08-15 16:38]
2009-08-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-17 08:30]
2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 20:04]
2009-08-19 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-15 16:34]
2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{78491DC8-4A2E-45E1-8258-5A29BF8BE11C}.job
- c:\windows\system32\msfeedssync.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\pxfo6d7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\adslTV\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-19 14:05
ComboFix-quarantined-files.txt 2009-08-19 12:05
Pre-Run: 51 006 103 552 octets libres
Post-Run: 50 894 413 824 octets libres
245 --- E O F --- 2009-08-18 08:25
2009-08-15 21:45 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 21:45 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 15:15 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 15:15 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 15:15 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 15:15 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 15:15 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 15:15 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 15:15 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 15:15 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 09:22 . 2007-12-09 19:33 -------- d-----w- c:\programdata\Google Updater
2009-08-19 07:42 . 2007-12-07 11:09 27715 ----a-w- c:\users\guillaume\AppData\Roaming\nvModes.dat
2009-08-17 09:34 . 2007-12-09 21:29 -------- d-----w- c:\users\guillaume\AppData\Roaming\Apple Computer
2009-08-17 07:58 . 2009-01-23 17:19 92 ----a-w- c:\users\guillaume\AppData\Local\uwuca.bat
2009-08-16 23:18 . 2007-12-10 18:44 1356 ----a-w- c:\users\guillaume\AppData\Local\d3d9caps.dat
2009-08-16 19:58 . 2009-03-22 15:01 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-16 09:45 . 2007-12-06 16:29 99752 ----a-w- c:\users\guillaume\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-16 09:43 . 2007-08-16 05:04 678956 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 09:43 . 2007-08-16 05:04 128004 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 00:48 . 2007-08-15 20:19 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 15:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 21:59 . 2007-08-15 20:11 -------- d-----w- c:\programdata\Roxio
2009-08-01 18:37 . 2008-04-03 20:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 16:06 . 2009-07-31 08:43 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 08:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 08:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 09:46 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-05-01 20:11 . 2008-05-01 20:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-01 15:55 . 2007-12-30 18:45 1667104 --sha-w- c:\windows\System32\drivers\fidbox.dat
2007-08-16 05:10 . 2007-08-16 05:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3179240D-96B3-4706-8097-C4474DA685D5}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"TCP Query User{D000DD11-DA01-421D-9F43-2BE6AC1F2839}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{0EA63880-49DF-4BE6-807F-71E52E8BBAE3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{C210EF78-3560-493F-8B07-DEFA2CAA8B47}c:\\program files\\overnet\\overnet.exe"= UDP:c:\program files\overnet\overnet.exe:Overnet Application
"UDP Query User{DE68FD8D-39C2-46BF-88BF-09C18F8E15B3}c:\\program files\\overnet\\overnet.exe"= TCP:c:\program files\overnet\overnet.exe:Overnet Application
"{D9386D21-387D-47FB-8C7A-B42B6B07B04F}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{A1DE3D53-1AA0-46C7-9918-30525638D173}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{F41378E6-4C8A-41F6-97DC-E6F9841D28A5}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{81402CC7-F9FD-4EDC-9436-E40DCF9BF436}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BF6E478F-B7B6-41AC-A9E2-3B3847A37445}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{08535868-77A2-4C64-BE52-59409484B737}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{E414D3B8-D112-4F94-B6C2-E6DD5604885A}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{C0C1F692-661F-48FC-B6A6-D2F097C93982}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{34251639-40BF-427E-8782-D8399099B5EE}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C171E481-3806-46B0-B32D-F3C2D9743ACF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{13C2370B-81E3-4BF1-997A-B61A86B0F37B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{73577895-AFDA-403C-BEBF-06BBEA891C4F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{73B32804-1EE9-4884-9DC7-E66716D2232E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3EF42F70-B66E-40F2-A20F-248F4FD7AE74}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{798DE71A-72B3-41F5-A428-559159AA0A18}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= UDP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3E16B93F-229C-4D67-A36F-A109EFCC8D52}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= TCP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"TCP Query User{A39870E2-2369-4454-820F-CD398795F9A1}c:\\users\\guillaume\\desktop\\utorrent.exe"= UDP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"UDP Query User{4536FEBE-4050-4C9B-826B-10C4EF7270AA}c:\\users\\guillaume\\desktop\\utorrent.exe"= TCP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"{40FA2DF6-A78F-46C8-AD15-54A90033A4D7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BD8A2A75-8EF0-457C-BCCE-978A9606AA6F}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{0FF44E6A-79B7-4D04-95F6-63DB304F1B8A}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{91A690FA-CA9F-40A3-9717-F8F98204FDB5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5A259E50-FF51-47C8-BAB5-8DBAC9E6CC42}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{E18988F9-2978-45B2-BB68-F1516C00C469}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{07E7DEC6-0B06-4DC5-A792-E1412ADA8BA1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDC51C54-237D-4F67-BA8A-88D9FD72F716}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFB3C2FE-655A-429F-8B43-EC6F26D8EE3C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [09/05/2008 19:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [09/05/2008 19:30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/05/2008 19:29 51792]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [29/04/2009 15:31 12672]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/08/2007 22:12 29744]
S3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [15/08/2007 21:51 46592]
.
Contents of the 'Scheduled Tasks' folder
2009-08-19 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-08-15 16:38]
2009-08-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-17 08:30]
2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 20:04]
2009-08-19 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-15 16:34]
2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{78491DC8-4A2E-45E1-8258-5A29BF8BE11C}.job
- c:\windows\system32\msfeedssync.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\pxfo6d7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\adslTV\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-19 14:05
ComboFix-quarantined-files.txt 2009-08-19 12:05
Pre-Run: 51 006 103 552 octets libres
Post-Run: 50 894 413 824 octets libres
245 --- E O F --- 2009-08-18 08:25
Here is the second report, but I had to shut down the computer because I could no longer open Mozilla or Internet Explorer; it told me they had been placed in a deletion folder... well, something like that.... But anyway, now it works :)
ComboFix 09-08-18.01 - guillaume 19/08/2009 13:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1259 [GMT 2:00]
Running from: c:\users\guillaume\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 081228-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 081228-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-260555201-1564067638-1018481237-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\users\guillaume\AppData\Roaming\inst.exe
c:\windows\Cursors\aero_link.cur
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.
2009-08-19 12:02 . 2009-08-19 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-18 19:30 . 2009-08-18 19:30 -------- d-----w- C:\_OTM
2009-08-18 10:42 . 2009-08-18 10:43 -------- d-----w- c:\windows\system32\SmitfraudFix
2009-08-18 09:38 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-08-18 08:20 . 2009-08-18 08:40 -------- d-----w- C:\Lop SD
2009-08-17 15:32 . 2009-08-17 15:32 -------- d-----w- c:\users\guillaume\AppData\Roaming\GlarySoft
2009-08-17 15:28 . 2009-08-17 15:28 -------- d-----w- c:\program files\AskBarDis
2009-08-17 15:28 . 2009-08-17 15:28 -------- d-----w- c:\program files\Glary Utilities
2009-08-17 12:53 . 2009-08-17 13:42 -------- d-----w- C:\ToolBar SD
2009-08-17 12:29 . 2009-08-17 13:28 -------- d-----w- c:\program files\Ad-remover
2009-08-17 10:43 . 2009-08-17 10:43 -------- d-----w- C:\NavmanUpdates
2009-08-17 08:46 . 2009-08-17 08:46 -------- d-----w- c:\windows\BDOSCAN8
2009-08-17 08:35 . 2009-08-17 08:35 -------- d-----w- c:\program files\Trend Micro
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\users\guillaume\AppData\Roaming\Malwarebytes
2009-08-17 08:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\programdata\Malwarebytes
2009-08-17 08:21 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 08:21 . 2009-08-17 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 08:06 . 2009-08-18 09:13 -------- d-----w- c:\program files\Navilog1
2009-08-16 22:32 . 2009-08-19 11:52 -------- d-----w- c:\users\guillaume\Tracing
2009-08-16 00:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-16 00:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-16 00:35 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-16 00:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-16 00:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-16 00:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-16 00:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-16 00:30 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-16 00:30 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-16 00:30 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-16 00:29 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-16 00:29 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-15 21:45 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 21:45 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 21:45 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 21:45 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 21:45 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 21:45 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 21:45 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 21:45 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 15:15 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 15:15 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 15:15 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 15:15 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 15:15 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 15:15 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 15:15 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 15:15 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 09:22 . 2007-12-09 19:33 -------- d-----w- c:\programdata\Google Updater
2009-08-19 07:42 . 2007-12-07 11:09 27715 ----a-w- c:\users\guillaume\AppData\Roaming\nvModes.dat
2009-08-17 09:34 . 2007-12-09 21:29 -------- d-----w- c:\users\guillaume\AppData\Roaming\Apple Computer
2009-08-17 07:58 . 2009-01-23 17:19 92 ----a-w- c:\users\guillaume\AppData\Local\uwuca.bat
2009-08-16 23:18 . 2007-12-10 18:44 1356 ----a-w- c:\users\guillaume\AppData\Local\d3d9caps.dat
2009-08-16 19:58 . 2009-03-22 15:01 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-16 09:45 . 2007-12-06 16:29 99752 ----a-w- c:\users\guillaume\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-16 09:43 . 2007-08-16 05:04 678956 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 09:43 . 2007-08-16 05:04 128004 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 00:48 . 2007-08-15 20:19 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 15:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 21:59 . 2007-08-15 20:11 -------- d-----w- c:\programdata\Roxio
2009-08-01 18:37 . 2008-04-03 20:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 16:06 . 2009-07-31 08:43 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 08:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 08:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 09:46 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-05-01 20:11 . 2008-05-01 20:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-01 15:55 . 2007-12-30 18:45 1667104 --sha-w- c:\windows\System32\drivers\fidbox.dat
2007-08-16 05:10 . 2007-08-16 05:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3179240D-96B3-4706-8097-C4474DA685D5}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"TCP Query User{D000DD11-DA01-421D-9F43-2BE6AC1F2839}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{0EA63880-49DF-4BE6-807F-71E52E8BBAE3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{C210EF78-3560-493F-8B07-DEFA2CAA8B47}c:\\program files\\overnet\\overnet.exe"= UDP:c:\program files\overnet\overnet.exe:Overnet Application
"UDP Query User{DE68FD8D-39C2-46BF-88BF-09C18F8E15B3}c:\\program files\\overnet\\overnet.exe"= TCP:c:\program files\overnet\overnet.exe:Overnet Application
"{D9386D21-387D-47FB-8C7A-B42B6B07B04F}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{A1DE3D53-1AA0-46C7-9918-30525638D173}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{F41378E6-4C8A-41F6-97DC-E6F9841D28A5}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{81402CC7-F9FD-4EDC-9436-E40DCF9BF436}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BF6E478F-B7B6-41AC-A9E2-3B3847A37445}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{08535868-77A2-4C64-BE52-59409484B737}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{E414D3B8-D112-4F94-B6C2-E6DD5604885A}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{C0C1F692-661F-48FC-B6A6-D2F097C93982}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{34251639-40BF-427E-8782-D8399099B5EE}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C171E481-3806-46B0-B32D-F3C2D9743ACF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{13C2370B-81E3-4BF1-997A-B61A86B0F37B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{73577895-AFDA-403C-BEBF-06BBEA891C4F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{73B32804-1EE9-4884-9DC7-E66716D2232E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3EF42F70-B66E-40F2-A20F-248F4FD7AE74}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{798DE71A-72B3-41F5-A428-559159AA0A18}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= UDP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3E16B93F-229C-4D67-A36F-A109EFCC8D52}c:\\users\\guillaume\\program files\\dna\\btdna.exe"= TCP:c:\users\guillaume\program files\dna\btdna.exe:btdna.exe
"TCP Query User{A39870E2-2369-4454-820F-CD398795F9A1}c:\\users\\guillaume\\desktop\\utorrent.exe"= UDP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"UDP Query User{4536FEBE-4050-4C9B-826B-10C4EF7270AA}c:\\users\\guillaume\\desktop\\utorrent.exe"= TCP:c:\users\guillaume\desktop\utorrent.exe:utorrent.exe
"{40FA2DF6-A78F-46C8-AD15-54A90033A4D7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BD8A2A75-8EF0-457C-BCCE-978A9606AA6F}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{0FF44E6A-79B7-4D04-95F6-63DB304F1B8A}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{91A690FA-CA9F-40A3-9717-F8F98204FDB5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5A259E50-FF51-47C8-BAB5-8DBAC9E6CC42}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{E18988F9-2978-45B2-BB68-F1516C00C469}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{07E7DEC6-0B06-4DC5-A792-E1412ADA8BA1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDC51C54-237D-4F67-BA8A-88D9FD72F716}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFB3C2FE-655A-429F-8B43-EC6F26D8EE3C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [09/05/2008 19:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [09/05/2008 19:30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/05/2008 19:29 51792]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [29/04/2009 15:31 12672]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/08/2007 22:12 29744]
S3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [15/08/2007 21:51 46592]
.
Contents of the 'Scheduled Tasks' folder
2009-08-19 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-08-15 16:38]
2009-08-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-17 08:30]
2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 20:04]
2009-08-19 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-15 16:34]
2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{78491DC8-4A2E-45E1-8258-5A29BF8BE11C}.job
- c:\windows\system32\msfeedssync.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\pxfo6d7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\adslTV\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-19 14:05
ComboFix-quarantined-files.txt 2009-08-19 12:05
Pre-Run: 51 006 103 552 octets libres
Post-Run: 50 894 413 824 octets libres
245 --- E O F --- 2009-08-18 08:25
OK, let's try again.
Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand box of OTM: Paste instruction for items to be moved.
(make sure to include :files)
:processes
explorer.exe
:files
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! to start the removal.
The result will appear in the "Results" box.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.
Here is the result:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure not found.
File/Folder c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk not found.
File/Folder c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: guillaume
->Temp folder emptied: 32078 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41811061 bytes
->Apple Safari cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39,97 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08192009_150340
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
I don't understand.
If you go to c:\programdata\Microsoft\Windows\Start Menu\Programs
do you see this? Spyware-Secure