A virus is making my antivirus crash!

Solved
Chayr, 109 posts, Status: Member -
 crapoulou -
Hi everyone,

I just caught a virus, and when I run a scan and my antivirus finds it, it is everywhere and makes me delete every .exe file on my computer.

Win32:Sality

My antivirus is Avast.

If someone could give me a hand, please.

Bye

106 replies

Chayr, 109 posts, Status: Member, 1
 
I just sent you my email address by PM, to your ....free.fr address
0
Destrio5, 99820 posts, Status: Moderator, 10 304
 
I've added you on MSN.
0
Chayr, 109 posts, Status: Member, 1
 
Here is the report:

ComboFix 09-08-27.02 - Administrateur 28/08/2009 4:09.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.652 [GMT 2:00]
Running from: c:\documents and settings\Bureau\Ccleaner\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bureau\BRUNo EPP .doc
c:\program files\Internet Explorer\ws2help.dll
c:\program files\Windows Media Player\ws2help.dll
c:\recycler\S-1-5-21-515967899-484061587-1801674531-500
c:\windows\system32\NX.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-09 14:49 . 2009-08-09 15:08 -------- d-----w- c:\documents and settings\Bureau\Mariage 8 aout
2009-08-06 18:03 . 2009-08-06 18:06 -------- d-----w- c:\documents and settings\Bureau\Wak board
2009-08-03 17:43 . 2009-08-03 17:43 -------- d-s---w- c:\documents and settings\Administrateur\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 00:09 . 2009-07-21 17:00 -------- d-----w- c:\program files\Alwil Software
2009-08-27 18:39 . 2009-08-24 11:47 -------- d-----w- c:\program files\trend micro
2009-08-27 13:59 . 2006-09-08 03:00 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-26 18:02 . 2009-02-26 12:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 00:19 . 2006-08-23 10:19 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-08-25 00:18 . 2006-08-23 10:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Ahead
2009-08-25 00:17 . 2009-08-25 00:17 -------- d-----w- c:\program files\Nero
2009-08-25 00:11 . 2006-09-07 22:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Azureus
2009-08-24 23:23 . 2009-08-24 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-08-24 23:23 . 2006-09-07 22:11 -------- d-----w- c:\program files\Azureus
2009-08-24 23:22 . 2009-08-24 23:22 -------- d-----w- c:\program files\AskBarDis
2009-08-24 10:19 . 2009-06-20 01:02 -------- d-----w- c:\program files\SwarmPlayer
2009-08-24 10:19 . 2006-12-27 01:42 -------- d-----w- c:\program files\Steam
2009-08-24 10:15 . 2009-06-26 16:41 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-08-20 14:34 . 2006-08-23 08:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Canon
2009-08-03 11:36 . 2009-02-26 12:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-02-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:42 . 2009-07-23 15:36 -------- d-----w- c:\program files\Free Video Converter
2009-07-21 17:05 . 2008-11-28 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-21 14:03 . 2009-07-21 14:03 3848903 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 15:13 . 2006-08-23 02:48 65504 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 15:13 . 2009-07-20 15:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Xilisoft Corporation
2009-07-20 15:12 . 2009-07-20 15:12 -------- d-----w- c:\program files\Xilisoft
2009-07-20 15:06 . 2009-07-20 15:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Python-Eggs
2009-07-19 16:31 . 2009-07-19 16:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\teamspeak2
2009-07-19 16:28 . 2009-07-19 16:28 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 12:17 . 2004-08-10 11:00 80610 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-18 12:17 . 2004-08-10 11:00 501764 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-17 18:14 . 2009-07-17 18:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-17 15:26 . 2009-07-17 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-07 21:46 . 2009-07-07 21:46 -------- d-----w- c:\program files\Custom-Strike
2009-07-07 21:46 . 2006-08-23 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 18:16 . 2009-07-07 17:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
2009-07-07 17:58 . 2009-07-07 17:57 -------- d-s---w- c:\program files\HLSW
2009-07-07 06:12 . 2008-12-01 12:16 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FileZilla
2009-07-07 05:07 . 2009-07-06 16:26 -------- d-----w- c:\program files\LeechFTP
2009-07-06 15:53 . 2008-12-01 12:16 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-01 16:03 . 2007-12-07 17:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Samsung
2009-06-29 13:29 . 2009-06-29 13:29 70384 ----a-w- c:\windows\desctemp.dat
2009-06-24 21:58 . 2009-06-24 21:46 128118 ----a-w- c:\windows\hpoins11.dat
2009-06-24 21:00 . 2009-06-24 20:49 312928648 ----a-w- c:\documents and settings\Bureau\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1.exe
2009-06-11 14:52 . 2009-07-20 15:04 123904 ----a-w- c:\documents and settings\Administrateur\Application Data\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 14:52 . 2009-07-20 15:04 128000 ----a-w- c:\documents and settings\Administrateur\Application Data\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
1999-12-02 12:54 . 2008-09-02 19:41 161280 ------w- c:\program files\xcacls.exe
.

------- Sigcheck -------

[-] 2004-11-25 21:20 506368 048CB871E6F98E41F072B85C67C30925 c:\windows\system32\winlogon.exe

[-] 2004-08-10 11:00 1105920 120ECD639B804482BDD01E9E2F2A38BF c:\windows\explorer.exe
[-] 2004-08-10 11:00 3198464 CDC990FBECEFF120D114C94CF07AF248 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 146680]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 105328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 514984]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-21 879120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=c:\windows\pss\TribalWeb.net.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\TribalWeb.net\\tribalweb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kidou666\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe"=
"c:\\SDFix\\apps\\ERUNT.EXE"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\WINDOWS\\system32\\CF22.exe"=
"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjtrufr.exe"=
"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winisgxvp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5525:TCP"= 5525:TCP:mule
"5535:UDP"= 5535:UDP:mule2
"14083:TCP"= 14083:TCP:NortonAV
"12851:TCP"= 12851:TCP:NortonAV
"14266:TCP"= 14266:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"15005:TCP"= 15005:TCP:NortonAV
"18665:TCP"= 18665:TCP:NortonAV
"14983:TCP"= 14983:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"14331:TCP"= 14331:TCP:NortonAV
"12317:TCP"= 12317:TCP:NortonAV
"15887:TCP"= 15887:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"15242:TCP"= 15242:TCP:NortonAV
"13784:TCP"= 13784:TCP:NortonAV
"14918:TCP"= 14918:TCP:NortonAV
"13481:TCP"= 13481:TCP:NortonAV
"16817:TCP"= 16817:TCP:NortonAV
"12290:TCP"= 12290:TCP:NortonAV
"13564:TCP"= 13564:TCP:NortonAV
"17921:TCP"= 17921:TCP:NortonAV
"14187:TCP"= 14187:TCP:NortonAV
"17679:TCP"= 17679:TCP:NortonAV
"16694:TCP"= 16694:TCP:NortonAV
"18634:TCP"= 18634:TCP:NortonAV
"15336:TCP"= 15336:TCP:NortonAV
"17790:TCP"= 17790:TCP:NortonAV
"15932:TCP"= 15932:TCP:NortonAV
"18820:TCP"= 18820:TCP:NortonAV
"13782:TCP"= 13782:TCP:NortonAV
"12746:TCP"= 12746:TCP:NortonAV
"17231:TCP"= 17231:TCP:NortonAV
"12863:TCP"= 12863:TCP:NortonAV
"13919:TCP"= 13919:TCP:NortonAV
"18431:TCP"= 18431:TCP:NortonAV
"17456:TCP"= 17456:TCP:NortonAV
"14567:TCP"= 14567:TCP:NortonAV
"12274:TCP"= 12274:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"13953:TCP"= 13953:TCP:NortonAV
"12039:TCP"= 12039:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"14902:TCP"= 14902:TCP:NortonAV
"17551:TCP"= 17551:TCP:NortonAV
"16951:TCP"= 16951:TCP:NortonAV
"13794:TCP"= 13794:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"18500:TCP"= 18500:TCP:NortonAV
"15353:TCP"= 15353:TCP:NortonAV
"16532:TCP"= 16532:TCP:NortonAV
"17463:TCP"= 17463:TCP:NortonAV
"12429:TCP"= 12429:TCP:NortonAV
"15018:TCP"= 15018:TCP:NortonAV
"12822:TCP"= 12822:TCP:NortonAV
"12020:TCP"= 12020:TCP:NortonAV
"12272:TCP"= 12272:TCP:NortonAV
"14369:TCP"= 14369:TCP:NortonAV
"14256:TCP"= 14256:TCP:NortonAV
"16120:TCP"= 16120:TCP:NortonAV
"18926:TCP"= 18926:TCP:NortonAV
"13592:TCP"= 13592:TCP:NortonAV
"12261:TCP"= 12261:TCP:NortonAV
"17383:TCP"= 17383:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"12298:TCP"= 12298:TCP:NortonAV
"15394:TCP"= 15394:TCP:NortonAV
"12417:TCP"= 12417:TCP:NortonAV
"18704:TCP"= 18704:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"14508:TCP"= 14508:TCP:NortonAV
"17934:TCP"= 17934:TCP:NortonAV
"15453:TCP"= 15453:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"16756:TCP"= 16756:TCP:NortonAV
"17640:TCP"= 17640:TCP:NortonAV
"13989:TCP"= 13989:TCP:NortonAV
"17466:TCP"= 17466:TCP:NortonAV
"12339:TCP"= 12339:TCP:NortonAV
"18966:TCP"= 18966:TCP:NortonAV
"13626:TCP"= 13626:TCP:NortonAV
"15697:TCP"= 15697:TCP:NortonAV
"14292:TCP"= 14292:TCP:NortonAV
"18637:TCP"= 18637:TCP:NortonAV
"17337:TCP"= 17337:TCP:NortonAV
"12281:TCP"= 12281:TCP:NortonAV
"13638:TCP"= 13638:TCP:NortonAV
"17102:TCP"= 17102:TCP:NortonAV
"14112:TCP"= 14112:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"14108:TCP"= 14108:TCP:NortonAV
"15561:TCP"= 15561:TCP:NortonAV
"15245:TCP"= 15245:TCP:NortonAV
"12682:TCP"= 12682:TCP:NortonAV
"15602:TCP"= 15602:TCP:NortonAV
"15084:TCP"= 15084:TCP:NortonAV
"13804:TCP"= 13804:TCP:NortonAV
"17434:TCP"= 17434:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV
"18882:TCP"= 18882:TCP:NortonAV
"17866:TCP"= 17866:TCP:NortonAV
"16341:TCP"= 16341:TCP:NortonAV
"17594:TCP"= 17594:TCP:NortonAV
"17265:TCP"= 17265:TCP:NortonAV
"14073:TCP"= 14073:TCP:NortonAV
"17740:TCP"= 17740:TCP:NortonAV
"12069:TCP"= 12069:TCP:NortonAV
"16583:TCP"= 16583:TCP:NortonAV
"14070:TCP"= 14070:TCP:NortonAV
"15969:TCP"= 15969:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"14412:TCP"= 14412:TCP:NortonAV
"13462:TCP"= 13462:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"12443:TCP"= 12443:TCP:NortonAV
"16700:TCP"= 16700:TCP:NortonAV
"16657:TCP"= 16657:TCP:NortonAV
"15485:TCP"= 15485:TCP:NortonAV
"13514:TCP"= 13514:TCP:NortonAV
"18070:TCP"= 18070:TCP:NortonAV
"18319:TCP"= 18319:TCP:NortonAV
"18436:TCP"= 18436:TCP:NortonAV
"12121:TCP"= 12121:TCP:NortonAV
"12158:TCP"= 12158:TCP:NortonAV
"18334:TCP"= 18334:TCP:NortonAV
"15698:TCP"= 15698:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"13123:TCP"= 13123:TCP:NortonAV
"16096:TCP"= 16096:TCP:NortonAV
"14691:TCP"= 14691:TCP:NortonAV
"18612:TCP"= 18612:TCP:NortonAV
"16299:TCP"= 16299:TCP:NortonAV
"18163:TCP"= 18163:TCP:NortonAV
"16775:TCP"= 16775:TCP:NortonAV
"16082:TCP"= 16082:TCP:NortonAV
"14278:TCP"= 14278:TCP:NortonAV
"14802:TCP"= 14802:TCP:NortonAV
"15407:TCP"= 15407:TCP:NortonAV
"13853:TCP"= 13853:TCP:NortonAV
"15114:TCP"= 15114:TCP:NortonAV
"18484:TCP"= 18484:TCP:NortonAV
"18344:TCP"= 18344:TCP:NortonAV
"17763:TCP"= 17763:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"12953:TCP"= 12953:TCP:NortonAV
"14720:TCP"= 14720:TCP:NortonAV
"17259:TCP"= 17259:TCP:NortonAV
"16929:TCP"= 16929:TCP:NortonAV
"13768:TCP"= 13768:TCP:NortonAV
"57645:TCP"= 57645:TCP:Pando P2P TCP Listening Port
"57645:UDP"= 57645:UDP:Pando P2P UDP Listening Port
"14789:TCP"= 14789:TCP:NortonAV
"16911:TCP"= 16911:TCP:NortonAV
"14349:TCP"= 14349:TCP:NortonAV
"13150:TCP"= 13150:TCP:NortonAV
"16386:TCP"= 16386:TCP:NortonAV
"17939:TCP"= 17939:TCP:NortonAV
"12285:TCP"= 12285:TCP:NortonAV
"13106:TCP"= 13106:TCP:NortonAV
"15985:TCP"= 15985:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"13669:TCP"= 13669:TCP:NortonAV
"17324:TCP"= 17324:TCP:NortonAV
"12797:TCP"= 12797:TCP:NortonAV
"13608:TCP"= 13608:TCP:NortonAV
"13183:TCP"= 13183:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"18577:TCP"= 18577:TCP:NortonAV
"17081:TCP"= 17081:TCP:NortonAV
"18792:TCP"= 18792:TCP:NortonAV
"18234:TCP"= 18234:TCP:NortonAV
"13335:TCP"= 13335:TCP:NortonAV
"13797:TCP"= 13797:TCP:NortonAV
"16861:TCP"= 16861:TCP:NortonAV
"12169:TCP"= 12169:TCP:NortonAV
"13011:TCP"= 13011:TCP:NortonAV
"18797:TCP"= 18797:TCP:NortonAV
"18504:TCP"= 18504:TCP:NortonAV
"15435:TCP"= 15435:TCP:NortonAV
"14700:TCP"= 14700:TCP:NortonAV
"14332:TCP"= 14332:TCP:NortonAV
"15158:TCP"= 15158:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"17723:TCP"= 17723:TCP:NortonAV
"15571:TCP"= 15571:TCP:NortonAV
"17948:TCP"= 17948:TCP:NortonAV
"14846:TCP"= 14846:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"12011:TCP"= 12011:TCP:NortonAV
"15876:TCP"= 15876:TCP:NortonAV
"18471:TCP"= 18471:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"18218:TCP"= 18218:TCP:NortonAV
"18318:TCP"= 18318:TCP:NortonAV
"15297:TCP"= 15297:TCP:NortonAV
"15372:TCP"= 15372:TCP:NortonAV
"16369:TCP"= 16369:TCP:NortonAV
"15300:TCP"= 15300:TCP:NortonAV
"16105:TCP"= 16105:TCP:NortonAV
"18889:TCP"= 18889:TCP:NortonAV
"15953:TCP"= 15953:TCP:NortonAV
"17855:TCP"= 17855:TCP:NortonAV
"16607:TCP"= 16607:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"17799:TCP"= 17799:TCP:NortonAV
"16420:TCP"= 16420:TCP:NortonAV
"13082:TCP"= 13082:TCP:NortonAV
"14002:TCP"= 14002:TCP:NortonAV
"16719:TCP"= 16719:TCP:NortonAV
"17029:TCP"= 17029:TCP:NortonAV
"13876:TCP"= 13876:TCP:NortonAV
"17526:TCP"= 17526:TCP:NortonAV
"16223:TCP"= 16223:TCP:NortonAV
"13219:TCP"= 13219:TCP:NortonAV
"17009:TCP"= 17009:TCP:NortonAV
"13529:TCP"= 13529:TCP:NortonAV
"15264:TCP"= 15264:TCP:NortonAV
"14956:TCP"= 14956:TCP:NortonAV
"18645:TCP"= 18645:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
"13830:TCP"= 13830:TCP:NortonAV
"16224:TCP"= 16224:TCP:NortonAV
"14130:TCP"= 14130:TCP:NortonAV
"16823:TCP"= 16823:TCP:NortonAV
"18397:TCP"= 18397:TCP:NortonAV
"14938:TCP"= 14938:TCP:NortonAV
"17784:TCP"= 17784:TCP:NortonAV
"18136:TCP"= 18136:TCP:NortonAV
"15933:TCP"= 15933:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"13117:TCP"= 13117:TCP:NortonAV
"14750:TCP"= 14750:TCP:NortonAV
"18357:TCP"= 18357:TCP:NortonAV
"18271:TCP"= 18271:TCP:NortonAV
"14859:TCP"= 14859:TCP:NortonAV
"17850:TCP"= 17850:TCP:NortonAV
"17420:TCP"= 17420:TCP:NortonAV
"15574:TCP"= 15574:TCP:NortonAV
"17804:TCP"= 17804:TCP:NortonAV
"14034:TCP"= 14034:TCP:NortonAV
"15694:TCP"= 15694:TCP:NortonAV
"18347:TCP"= 18347:TCP:NortonAV
"15168:TCP"= 15168:TCP:NortonAV
"13571:TCP"= 13571:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"15190:TCP"= 15190:TCP:NortonAV
"17793:TCP"= 17793:TCP:NortonAV
"12022:TCP"= 12022:TCP:NortonAV
"15565:TCP"= 15565:TCP:NortonAV
"12631:TCP"= 12631:TCP:NortonAV
"15277:TCP"= 15277:TCP:NortonAV
"13688:TCP"= 13688:TCP:NortonAV
"14914:TCP"= 14914:TCP:NortonAV
"15749:TCP"= 15749:TCP:NortonAV
"17243:TCP"= 17243:TCP:NortonAV
"16725:TCP"= 16725:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"14808:TCP"= 14808:TCP:NortonAV
"17424:TCP"= 17424:TCP:NortonAV
"16569:TCP"= 16569:TCP:NortonAV
"16121:TCP"= 16121:TCP:NortonAV
"14463:TCP"= 14463:TCP:NortonAV
"15502:TCP"= 15502:TCP:NortonAV
"12173:TCP"= 12173:TCP:NortonAV
"13565:TCP"= 13565:TCP:NortonAV
"17038:TCP"= 17038:TCP:NortonAV
"14800:TCP"= 14800:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"16356:TCP"= 16356:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"15881:TCP"= 15881:TCP:NortonAV
"12393:TCP"= 12393:TCP:NortonAV
"14989:TCP"= 14989:TCP:NortonAV
"14153:TCP"= 14153:TCP:NortonAV
"16631:TCP"= 16631:TCP:NortonAV
"13554:TCP"= 13554:TCP:NortonAV
"13686:TCP"= 13686:TCP:NortonAV
"16418:TCP"= 16418:TCP:NortonAV
"13954:TCP"= 13954:TCP:NortonAV
"15130:TCP"= 15130:TCP:NortonAV
"16001:TCP"= 16001:TCP:NortonAV
"15871:TCP"= 15871:TCP:NortonAV
"17133:TCP"= 17133:TCP:NortonAV
"17506:TCP"= 17506:TCP:NortonAV
"13388:TCP"= 13388:TCP:NortonAV
"15664:TCP"= 15664:TCP:NortonAV
"14216:TCP"= 14216:TCP:NortonAV
"17161:TCP"= 17161:TCP:NortonAV
"13493:TCP"= 13493:TCP:NortonAV
"16769:TCP"= 16769:TCP:NortonAV
"16553:TCP"= 16553:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13840:TCP"= 13840:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"18952:TCP"= 18952:TCP:NortonAV
"13992:TCP"= 13992:TCP:NortonAV
"12663:TCP"= 12663:TCP:NortonAV
"14776:TCP"= 14776:TCP:NortonAV
"12567:TCP"= 12567:TCP:NortonAV
"14551:TCP"= 14551:TCP:NortonAV
"15178:TCP"= 15178:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16382:TCP"= 16382:TCP:NortonAV
"13537:TCP"= 13537:TCP:NortonAV
"14406:TCP"= 14406:TCP:NortonAV
"13205:TCP"= 13205:TCP:NortonAV
"14145:TCP"= 14145:TCP:NortonAV
"14952:TCP"= 14952:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18886:TCP"= 18886:TCP:NortonAV
"18316:TCP"= 18316:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"15536:TCP"= 15536:TCP:NortonAV
"13536:TCP"= 13536:TCP:NortonAV
"18477:TCP"= 18477:TCP:NortonAV
"13816:TCP"= 13816:TCP:NortonAV
"13820:TCP"= 13820:TCP:NortonAV
"14565:TCP"= 14565:TCP:NortonAV
"17144:TCP"= 17144:TCP:NortonAV
"13505:TCP"= 13505:TCP:NortonAV
"18122:TCP"= 18122:TCP:NortonAV
"18408:TCP"= 18408:TCP:NortonAV
"12932:TCP"= 12932:TCP:NortonAV
"15591:TCP"= 15591:TCP:NortonAV
"18681:TCP"= 18681:TCP:NortonAV
"17338:TCP"= 17338:TCP:NortonAV
"16452:TCP"= 16452:TCP:NortonAV
"14757:TCP"= 14757:TCP:NortonAV
"13628:TCP"= 13628:TCP:NortonAV
"18258:TCP"= 18258:TCP:NortonAV
"13221:TCP"= 13221:TCP:NortonAV
"13164:TCP"= 13164:TCP:NortonAV
"14300:TCP"= 14300:TCP:NortonAV
"15193:TCP"= 15193:TCP:NortonAV
"16827:TCP"= 16827:TCP:NortonAV
"16348:TCP"= 16348:TCP:NortonAV
"14469:TCP"= 14469:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"16822:TCP"= 16822:TCP:NortonAV
"14297:TCP"= 14297:TCP:NortonAV
"16124:TCP"= 16124:TCP:NortonAV
"12318:TCP"= 12318:TCP:NortonAV
"17794:TCP"= 17794:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"17141:TCP"= 17141:TCP:NortonAV
"17650:TCP"= 17650:TCP:NortonAV
"18885:TCP"= 18885:TCP:NortonAV
"17135:TCP"= 17135:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"13099:TCP"= 13099:TCP:NortonAV
"16245:TCP"= 16245:TCP:NortonAV
"17223:TCP"= 17223:TCP:NortonAV
"18985:TCP"= 18985:TCP:NortonAV
"16651:TCP"= 16651:TCP:NortonAV
"14932:TCP"= 14932:TCP:NortonAV
"14543:TCP"= 14543:TCP:NortonAV
"12782:TCP"= 12782:TCP:NortonAV
"14019:TCP"= 14019:TCP:NortonAV
"17651:TCP"= 17651:TCP:NortonAV
"14410:TCP"= 14410:TCP:NortonAV
"18309:TCP"= 18309:TCP:NortonAV
"13110:TCP"= 13110:TCP:NortonAV
"15325:TCP"= 15325:TCP:NortonAV
"12433:TCP"= 12433:TCP:NortonAV
"12674:TCP"= 12674:TCP:NortonAV
"15840:TCP"= 15840:TCP:NortonAV
"12209:TCP"= 12209:TCP:NortonAV
"12422:TCP"= 12422:TCP:NortonAV
"13186:TCP"= 13186:TCP:NortonAV
"13557:TCP"= 13557:TCP:NortonAV
"12438:TCP"= 12438:TCP:NortonAV
"15583:TCP"= 15583:TCP:NortonAV
"16622:TCP"= 16622:TCP:NortonAV
"12555:TCP"= 12555:TCP:NortonAV
"17025:TCP"= 17025:TCP:NortonAV
"12456:TCP"= 12456:TCP:NortonAV
"15515:TCP"= 15515:TCP:NortonAV
"13180:TCP"= 13180:TCP:NortonAV
"12833:TCP"= 12833:TCP:NortonAV
"16767:TCP"= 16767:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"15721:TCP"= 15721:TCP:NortonAV
"13455:TCP"= 13455:TCP:NortonAV
"12574:TCP"= 12574:TCP:NortonAV
"14413:TCP"= 14413:TCP:NortonAV
"13465:TCP"= 13465:TCP:NortonAV
"14156:TCP"= 14156:TCP:NortonAV
"16999:TCP"= 16999:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"12825:TCP"= 12825:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"16596:TCP"= 16596:TCP:NortonAV
"12189:TCP"= 12189:TCP:NortonAV
"13060:TCP"= 13060:TCP:NortonAV
"17241:TCP"= 17241:TCP:NortonAV
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05/09/2007 16:31 10240]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.273\ATI Tray Tools\atitray.sys [14/11/2005 00:43 12032]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [29/01/2007 10:40 11970]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [25/08/2009 01:22 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [25/08/2009 01:23 234888]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/05/2009 16:30 10384]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kqnrsn.sys --> c:\windows\system32\drivers\kqnrsn.sys [?]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [29/01/2007 10:40 130112]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [29/01/2007 10:40 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [29/01/2007 10:40 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [29/01/2007 10:40 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [29/01/2007 10:40 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [29/01/2007 10:40 27984]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [29/09/2006 22:19 19200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1123561945-839522115-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 13:03]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1123561945-839522115-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 13:03]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Intel Physical Address Aventis 1.3 - c:\windows\wciactrl.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {A5C05457-B689-479E-8828-8E71317F0442} = 212.27.40.240,212.27.40.241
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 04:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\dllhost.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\winjtrufr.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\winisgxvp.exe
.
**************************************************************************
.
Completion time: 2009-08-28 4:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 02:25

Pre-Run: 15 995 953 152 bytes free
Post-Run: 16 770 347 008 bytes free

655
0
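The report above carries the classic signs of a Sality-style infection all in one place: Task Manager and the Registry Editor disabled by policy, every Security Center notification overridden, the Windows Firewall switched off with random executables in %Temp% added to its authorized list, the SafeBoot key damaged, a registered driver (abp470n5) whose .sys file is gone, and a c:\windows\explorer.exe whose MD5 no longer matches the copy in dllcache. The following script is an added example, not part of the thread or of ComboFix: it reads a ComboFix-style report as text and groups those indicators so they are not lost in 600 lines of firewall rules. The line shapes it parses are assumed from the posted report, and the embedded sample is a constructed excerpt of a few of its lines rather than the whole file. It only reads text; it detects nothing on a live machine and cleans nothing.

```python
"""Triage of a ComboFix-style report for the Sality-type indicators visible
in the report posted above. Added example, not ComboFix or forum code; it
only reads text and changes nothing on the machine."""
import re
from collections import defaultdict

# Constructed sample input: a handful of lines modelled on the posted report
# (not the whole file), so the script runs offline.
SAMPLE_REPORT = r"""
------- Sigcheck -------
[-] 2004-08-10 11:00 1105920 120ECD639B804482BDD01E9E2F2A38BF c:\windows\explorer.exe
[-] 2004-08-10 11:00 3198464 CDC990FBECEFF120D114C94CF07AF248 c:\windows\system32\dllcache\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjtrufr.exe"=
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kqnrsn.sys --> c:\windows\system32\drivers\kqnrsn.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [29/09/2006 22:19 19200]
"""

# Line shapes assumed from the posted report: "[-] date time size MD5 path",
# "[registry key]", '"name"= value' and "Rn name;display;path ... [?]".
SIGCHECK_RE = re.compile(r'^\[-\]\s+\S+ \S+\s+(\d+)\s+([0-9A-F]{32})\s+(.+?)\s*$', re.I)
KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
MISSING_DRIVER_RE = re.compile(r'^[RS]\d\s+([^;]+);.*\[\?\]\s*$')


def _is_set(raw):
    """True for both spellings of 'value is 1' used in the report."""
    return raw.strip() in ("1 (0x1)", "dword:00000001")


def triage(report):
    """Walk the report once and group findings by indicator category."""
    findings = defaultdict(list)
    sigs = defaultdict(dict)  # basename -> {"system": (size, md5), "dllcache": (size, md5)}
    key = ""
    for line in report.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            size, md5, path = int(m.group(1)), m.group(2).upper(), m.group(3).lower()
            slot = "dllcache" if "\\dllcache\\" in path else "system"
            sigs[path.rsplit("\\", 1)[-1]][slot] = (size, md5)
            continue
        m = MISSING_DRIVER_RE.match(line)
        if m:  # a registered driver whose .sys file is no longer on disk
            findings["driver_missing_file"].append(m.group(1))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if key.endswith("\\policies\\system"):
            if name in ("DisableTaskMgr", "DisableRegistryTools") and _is_set(raw):
                findings["policy_lockouts"].append(name)
        elif "security center" in key:
            if (name.endswith("Override") or name.endswith("DisableNotify")) and _is_set(raw):
                findings["security_center_overrides"].append(name)
        elif key.endswith("firewallpolicy\\standardprofile"):
            if name == "EnableFirewall" and raw.strip().startswith("0"):
                findings["firewall_disabled"].append(name)
        elif key.endswith("\\authorizedapplications\\list"):
            # ComboFix doubles the backslashes in this list; normalise before matching.
            path = name.replace("\\\\", "\\").lower()
            if "\\temp\\" in path or "\\tmp\\" in path:
                findings["temp_authorized_apps"].append(path)
    # A system binary whose MD5 no longer matches its own dllcache copy was
    # modified in place; Sality is a file infector that patches existing executables.
    for base, slots in sigs.items():
        if "system" in slots and "dllcache" in slots and slots["system"][1] != slots["dllcache"][1]:
            findings["sigcheck_mismatch"].append(base)
    return dict(findings)


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{category}: {items}")
```

Run it on a full report saved to disk with `triage(open("ComboFix.txt", encoding="latin-1").read())`; the `sigcheck_mismatch` category is the one that matters most, because a patched explorer.exe or winlogon.exe means the infection is in files the operating system itself loads, and a single file-infector hit on a system binary is a strong argument for restoring from a known-good copy rather than trusting a cleanup.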
Destrio5, 99820 posts, Status: Moderator, 10 304
 
--> Have this file analysed: c:\windows\explorer.exe

--> On VirusTotal, and post the link to the analysis.
0

Destrio5, 99820 posts, Status: Moderator, 10 304
 
I have received your file c:\windows\explorer.exe; it is infected with Sality.


/!\ Only Chayr may follow this procedure. /!\


1/

---> Open Notepad.

---> Copy the text below by selecting it, then Ctrl+C:






KillAll::

FCOPY::
c:\windows\system32\dllcache\explorer.exe|c:\windows\explorer.exe

Driver::
abp470n5
ASKService
ASKUpgrade

File::
c:\windows\system32\drivers\kqnrsn.sys

Folder::
c:\program files\AskBarDis






--> Paste the selection into Notepad.

--> Save this file to the Desktop (mandatory).

--> File name: CFScript
--> File type: all files
--> Click Save.
--> Close Notepad.


2/

--> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

--> A blue window will appear: accept the message that is shown.

--> Wait while the scan runs. The Desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.

--> Once the scan is complete, a report will be displayed: post it.

--> If the file does not open, it is located at C:\Combofix.txt
0
Chayr Posts: 109 Status: Member 1
 
ComboFix 09-08-27.02 - Administrateur 28/08/2009 6:08.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.607 [GMT 2:00]
Running from: c:\documents and settings\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Bureau\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\kqnrsn.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\002F2E8D
c:\program files\AskBarDis\bar\Cache\002F32C3
c:\program files\AskBarDis\bar\Cache\002F343A.bin
c:\program files\AskBarDis\bar\Cache\002F35E0.bin
c:\program files\AskBarDis\bar\Cache\002F3776.bin
c:\program files\AskBarDis\bar\Cache\002F38CE.bin
c:\program files\AskBarDis\bar\Cache\002F3A45.bin
c:\program files\AskBarDis\bar\Cache\002F3B7D.bin
c:\program files\AskBarDis\bar\Cache\002F3CB6.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_abp470n5
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-28 02:04 . 2009-08-28 02:04 3267911 ----a-r- c:\documents and settings\Bureau\ComboFix.exe
2009-08-27 17:43 . 2009-08-27 17:43 -------- d-----w- C:\_OTM
2009-08-25 00:17 . 2009-08-25 00:17 -------- d-----w- c:\program files\Nero
2009-08-24 23:23 . 2009-08-24 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-08-24 11:47 . 2009-08-27 18:39 -------- d-----w- c:\program files\trend micro
2009-08-24 11:47 . 2009-08-24 11:48 -------- d-----w- C:\rsit
2009-08-24 10:52 . 2009-08-28 04:06 -------- d-----w- c:\documents and settings\Bureau\Ccleaner
2009-08-09 14:49 . 2009-08-09 15:08 -------- d-----w- c:\documents and settings\Bureau\Mariage 8 aout
2009-08-06 18:03 . 2009-08-06 18:06 -------- d-----w- c:\documents and settings\Bureau\Wak board
2009-08-03 17:43 . 2009-08-03 17:43 -------- d-s---w- c:\documents and settings\Administrateur\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 00:09 . 2009-07-21 17:00 -------- d-----w- c:\program files\Alwil Software
2009-08-27 13:59 . 2006-09-08 03:00 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-26 18:02 . 2009-02-26 12:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 00:19 . 2006-08-23 10:19 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-08-25 00:18 . 2006-08-23 10:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Ahead
2009-08-25 00:11 . 2006-09-07 22:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Azureus
2009-08-24 23:23 . 2006-09-07 22:11 -------- d-----w- c:\program files\Azureus
2009-08-24 10:19 . 2009-06-20 01:02 -------- d-----w- c:\program files\SwarmPlayer
2009-08-24 10:19 . 2006-12-27 01:42 -------- d-----w- c:\program files\Steam
2009-08-24 10:15 . 2009-06-26 16:41 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-08-20 14:34 . 2006-08-23 08:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Canon
2009-08-03 11:36 . 2009-02-26 12:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-02-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:42 . 2009-07-23 15:36 -------- d-----w- c:\program files\Free Video Converter
2009-07-21 17:05 . 2008-11-28 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-21 14:03 . 2009-07-21 14:03 3848903 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 15:13 . 2006-08-23 02:48 65504 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 15:13 . 2009-07-20 15:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Xilisoft Corporation
2009-07-20 15:12 . 2009-07-20 15:12 -------- d-----w- c:\program files\Xilisoft
2009-07-20 15:06 . 2009-07-20 15:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Python-Eggs
2009-07-19 16:31 . 2009-07-19 16:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\teamspeak2
2009-07-19 16:28 . 2009-07-19 16:28 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 12:17 . 2004-08-10 11:00 80610 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-18 12:17 . 2004-08-10 11:00 501764 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-17 18:14 . 2009-07-17 18:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-17 15:26 . 2009-07-17 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-07 21:46 . 2009-07-07 21:46 -------- d-----w- c:\program files\Custom-Strike
2009-07-07 21:46 . 2006-08-23 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 18:16 . 2009-07-07 17:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
2009-07-07 17:58 . 2009-07-07 17:57 -------- d-s---w- c:\program files\HLSW
2009-07-07 06:12 . 2008-12-01 12:16 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FileZilla
2009-07-07 05:07 . 2009-07-06 16:26 -------- d-----w- c:\program files\LeechFTP
2009-07-06 15:53 . 2008-12-01 12:16 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-01 16:03 . 2007-12-07 17:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Samsung
2009-06-29 13:29 . 2009-06-29 13:29 70384 ----a-w- c:\windows\desctemp.dat
2009-06-24 21:58 . 2009-06-24 21:46 128118 ----a-w- c:\windows\hpoins11.dat
2009-06-24 21:00 . 2009-06-24 20:49 312928648 ----a-w- c:\documents and settings\Bureau\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1.exe
2009-06-11 14:52 . 2009-07-20 15:04 123904 ----a-w- c:\documents and settings\Administrateur\Application Data\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 14:52 . 2009-07-20 15:04 128000 ----a-w- c:\documents and settings\Administrateur\Application Data\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
1999-12-02 12:54 . 2008-09-02 19:41 161280 ------w- c:\program files\xcacls.exe
.

------- Sigcheck -------

[-] 2004-11-25 21:20 506368 048CB871E6F98E41F072B85C67C30925 c:\windows\system32\winlogon.exe

[-] 2004-08-10 11:00 3198464 CDC990FBECEFF120D114C94CF07AF248 c:\windows\explorer.exe
[-] 2004-08-10 11:00 3198464 CDC990FBECEFF120D114C94CF07AF248 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-28_02.21.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 04:16 . 2009-08-28 04:16 16384 c:\windows\temp\Perflib_Perfdata_a88.dat
+ 2009-08-28 04:13 . 2009-08-28 04:13 16384 c:\windows\temp\Perflib_Perfdata_1e8.dat
+ 2009-08-28 04:16 . 2009-08-28 04:16 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 146680]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 172032]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3959136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 105328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 514984]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-21 879120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. /COLOR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=c:\windows\pss\TribalWeb.net.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\TribalWeb.net\\tribalweb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kidou666\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe"=
"c:\\SDFix\\apps\\ERUNT.EXE"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\WINDOWS\\system32\\CF23390.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5525:TCP"= 5525:TCP:mule
"5535:UDP"= 5535:UDP:mule2
"14083:TCP"= 14083:TCP:NortonAV
"12851:TCP"= 12851:TCP:NortonAV
"14266:TCP"= 14266:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"15005:TCP"= 15005:TCP:NortonAV
"18665:TCP"= 18665:TCP:NortonAV
"14983:TCP"= 14983:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"14331:TCP"= 14331:TCP:NortonAV
"12317:TCP"= 12317:TCP:NortonAV
"15887:TCP"= 15887:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"15242:TCP"= 15242:TCP:NortonAV
"13784:TCP"= 13784:TCP:NortonAV
"14918:TCP"= 14918:TCP:NortonAV
"13481:TCP"= 13481:TCP:NortonAV
"16817:TCP"= 16817:TCP:NortonAV
"12290:TCP"= 12290:TCP:NortonAV
"13564:TCP"= 13564:TCP:NortonAV
"17921:TCP"= 17921:TCP:NortonAV
"14187:TCP"= 14187:TCP:NortonAV
"17679:TCP"= 17679:TCP:NortonAV
"16694:TCP"= 16694:TCP:NortonAV
"18634:TCP"= 18634:TCP:NortonAV
"15336:TCP"= 15336:TCP:NortonAV
"17790:TCP"= 17790:TCP:NortonAV
"15932:TCP"= 15932:TCP:NortonAV
"18820:TCP"= 18820:TCP:NortonAV
"13782:TCP"= 13782:TCP:NortonAV
"12746:TCP"= 12746:TCP:NortonAV
"17231:TCP"= 17231:TCP:NortonAV
"12863:TCP"= 12863:TCP:NortonAV
"13919:TCP"= 13919:TCP:NortonAV
"18431:TCP"= 18431:TCP:NortonAV
"17456:TCP"= 17456:TCP:NortonAV
"14567:TCP"= 14567:TCP:NortonAV
"12274:TCP"= 12274:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"13953:TCP"= 13953:TCP:NortonAV
"12039:TCP"= 12039:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"14902:TCP"= 14902:TCP:NortonAV
"17551:TCP"= 17551:TCP:NortonAV
"16951:TCP"= 16951:TCP:NortonAV
"13794:TCP"= 13794:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"18500:TCP"= 18500:TCP:NortonAV
"15353:TCP"= 15353:TCP:NortonAV
"16532:TCP"= 16532:TCP:NortonAV
"17463:TCP"= 17463:TCP:NortonAV
"12429:TCP"= 12429:TCP:NortonAV
"15018:TCP"= 15018:TCP:NortonAV
"12822:TCP"= 12822:TCP:NortonAV
"12020:TCP"= 12020:TCP:NortonAV
"12272:TCP"= 12272:TCP:NortonAV
"14369:TCP"= 14369:TCP:NortonAV
"14256:TCP"= 14256:TCP:NortonAV
"16120:TCP"= 16120:TCP:NortonAV
"18926:TCP"= 18926:TCP:NortonAV
"13592:TCP"= 13592:TCP:NortonAV
"12261:TCP"= 12261:TCP:NortonAV
"17383:TCP"= 17383:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"12298:TCP"= 12298:TCP:NortonAV
"15394:TCP"= 15394:TCP:NortonAV
"12417:TCP"= 12417:TCP:NortonAV
"18704:TCP"= 18704:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"14508:TCP"= 14508:TCP:NortonAV
"17934:TCP"= 17934:TCP:NortonAV
"15453:TCP"= 15453:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"16756:TCP"= 16756:TCP:NortonAV
"17640:TCP"= 17640:TCP:NortonAV
"13989:TCP"= 13989:TCP:NortonAV
"17466:TCP"= 17466:TCP:NortonAV
"12339:TCP"= 12339:TCP:NortonAV
"18966:TCP"= 18966:TCP:NortonAV
"13626:TCP"= 13626:TCP:NortonAV
"15697:TCP"= 15697:TCP:NortonAV
"14292:TCP"= 14292:TCP:NortonAV
"18637:TCP"= 18637:TCP:NortonAV
"17337:TCP"= 17337:TCP:NortonAV
"12281:TCP"= 12281:TCP:NortonAV
"13638:TCP"= 13638:TCP:NortonAV
"17102:TCP"= 17102:TCP:NortonAV
"14112:TCP"= 14112:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"14108:TCP"= 14108:TCP:NortonAV
"15561:TCP"= 15561:TCP:NortonAV
"15245:TCP"= 15245:TCP:NortonAV
"12682:TCP"= 12682:TCP:NortonAV
"15602:TCP"= 15602:TCP:NortonAV
"15084:TCP"= 15084:TCP:NortonAV
"13804:TCP"= 13804:TCP:NortonAV
"17434:TCP"= 17434:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV
"18882:TCP"= 18882:TCP:NortonAV
"17866:TCP"= 17866:TCP:NortonAV
"16341:TCP"= 16341:TCP:NortonAV
"17594:TCP"= 17594:TCP:NortonAV
"17265:TCP"= 17265:TCP:NortonAV
"14073:TCP"= 14073:TCP:NortonAV
"17740:TCP"= 17740:TCP:NortonAV
"12069:TCP"= 12069:TCP:NortonAV
"16583:TCP"= 16583:TCP:NortonAV
"14070:TCP"= 14070:TCP:NortonAV
"15969:TCP"= 15969:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"14412:TCP"= 14412:TCP:NortonAV
"13462:TCP"= 13462:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"12443:TCP"= 12443:TCP:NortonAV
"16700:TCP"= 16700:TCP:NortonAV
"16657:TCP"= 16657:TCP:NortonAV
"15485:TCP"= 15485:TCP:NortonAV
"13514:TCP"= 13514:TCP:NortonAV
"18070:TCP"= 18070:TCP:NortonAV
"18319:TCP"= 18319:TCP:NortonAV
"18436:TCP"= 18436:TCP:NortonAV
"12121:TCP"= 12121:TCP:NortonAV
"12158:TCP"= 12158:TCP:NortonAV
"18334:TCP"= 18334:TCP:NortonAV
"15698:TCP"= 15698:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"13123:TCP"= 13123:TCP:NortonAV
"16096:TCP"= 16096:TCP:NortonAV
"14691:TCP"= 14691:TCP:NortonAV
"18612:TCP"= 18612:TCP:NortonAV
"16299:TCP"= 16299:TCP:NortonAV
"18163:TCP"= 18163:TCP:NortonAV
"16775:TCP"= 16775:TCP:NortonAV
"16082:TCP"= 16082:TCP:NortonAV
"14278:TCP"= 14278:TCP:NortonAV
"14802:TCP"= 14802:TCP:NortonAV
"15407:TCP"= 15407:TCP:NortonAV
"13853:TCP"= 13853:TCP:NortonAV
"15114:TCP"= 15114:TCP:NortonAV
"18484:TCP"= 18484:TCP:NortonAV
"18344:TCP"= 18344:TCP:NortonAV
"17763:TCP"= 17763:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"12953:TCP"= 12953:TCP:NortonAV
"14720:TCP"= 14720:TCP:NortonAV
"17259:TCP"= 17259:TCP:NortonAV
"16929:TCP"= 16929:TCP:NortonAV
"13768:TCP"= 13768:TCP:NortonAV
"57645:TCP"= 57645:TCP:Pando P2P TCP Listening Port
"57645:UDP"= 57645:UDP:Pando P2P UDP Listening Port
"14789:TCP"= 14789:TCP:NortonAV
"16911:TCP"= 16911:TCP:NortonAV
"14349:TCP"= 14349:TCP:NortonAV
"13150:TCP"= 13150:TCP:NortonAV
"16386:TCP"= 16386:TCP:NortonAV
"17939:TCP"= 17939:TCP:NortonAV
"12285:TCP"= 12285:TCP:NortonAV
"13106:TCP"= 13106:TCP:NortonAV
"15985:TCP"= 15985:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"13669:TCP"= 13669:TCP:NortonAV
"17324:TCP"= 17324:TCP:NortonAV
"12797:TCP"= 12797:TCP:NortonAV
"13608:TCP"= 13608:TCP:NortonAV
"13183:TCP"= 13183:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"18577:TCP"= 18577:TCP:NortonAV
"17081:TCP"= 17081:TCP:NortonAV
"18792:TCP"= 18792:TCP:NortonAV
"18234:TCP"= 18234:TCP:NortonAV
"13335:TCP"= 13335:TCP:NortonAV
"13797:TCP"= 13797:TCP:NortonAV
"16861:TCP"= 16861:TCP:NortonAV
"12169:TCP"= 12169:TCP:NortonAV
"13011:TCP"= 13011:TCP:NortonAV
"18797:TCP"= 18797:TCP:NortonAV
"18504:TCP"= 18504:TCP:NortonAV
"15435:TCP"= 15435:TCP:NortonAV
"14700:TCP"= 14700:TCP:NortonAV
"14332:TCP"= 14332:TCP:NortonAV
"15158:TCP"= 15158:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"17723:TCP"= 17723:TCP:NortonAV
"15571:TCP"= 15571:TCP:NortonAV
"17948:TCP"= 17948:TCP:NortonAV
"14846:TCP"= 14846:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"12011:TCP"= 12011:TCP:NortonAV
"15876:TCP"= 15876:TCP:NortonAV
"18471:TCP"= 18471:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"18218:TCP"= 18218:TCP:NortonAV
"18318:TCP"= 18318:TCP:NortonAV
"15297:TCP"= 15297:TCP:NortonAV
"15372:TCP"= 15372:TCP:NortonAV
"16369:TCP"= 16369:TCP:NortonAV
"15300:TCP"= 15300:TCP:NortonAV
"16105:TCP"= 16105:TCP:NortonAV
"18889:TCP"= 18889:TCP:NortonAV
"15953:TCP"= 15953:TCP:NortonAV
"17855:TCP"= 17855:TCP:NortonAV
"16607:TCP"= 16607:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"17799:TCP"= 17799:TCP:NortonAV
"16420:TCP"= 16420:TCP:NortonAV
"13082:TCP"= 13082:TCP:NortonAV
"14002:TCP"= 14002:TCP:NortonAV
"16719:TCP"= 16719:TCP:NortonAV
"17029:TCP"= 17029:TCP:NortonAV
"13876:TCP"= 13876:TCP:NortonAV
"17526:TCP"= 17526:TCP:NortonAV
"16223:TCP"= 16223:TCP:NortonAV
"13219:TCP"= 13219:TCP:NortonAV
"17009:TCP"= 17009:TCP:NortonAV
"13529:TCP"= 13529:TCP:NortonAV
"15264:TCP"= 15264:TCP:NortonAV
"14956:TCP"= 14956:TCP:NortonAV
"18645:TCP"= 18645:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
"13830:TCP"= 13830:TCP:NortonAV
"16224:TCP"= 16224:TCP:NortonAV
"14130:TCP"= 14130:TCP:NortonAV
"16823:TCP"= 16823:TCP:NortonAV
"18397:TCP"= 18397:TCP:NortonAV
"14938:TCP"= 14938:TCP:NortonAV
"17784:TCP"= 17784:TCP:NortonAV
"18136:TCP"= 18136:TCP:NortonAV
"15933:TCP"= 15933:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"13117:TCP"= 13117:TCP:NortonAV
"14750:TCP"= 14750:TCP:NortonAV
"18357:TCP"= 18357:TCP:NortonAV
"18271:TCP"= 18271:TCP:NortonAV
"14859:TCP"= 14859:TCP:NortonAV
"17850:TCP"= 17850:TCP:NortonAV
"17420:TCP"= 17420:TCP:NortonAV
"15574:TCP"= 15574:TCP:NortonAV
"17804:TCP"= 17804:TCP:NortonAV
"14034:TCP"= 14034:TCP:NortonAV
"15694:TCP"= 15694:TCP:NortonAV
"18347:TCP"= 18347:TCP:NortonAV
"15168:TCP"= 15168:TCP:NortonAV
"13571:TCP"= 13571:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"15190:TCP"= 15190:TCP:NortonAV
"17793:TCP"= 17793:TCP:NortonAV
"12022:TCP"= 12022:TCP:NortonAV
"15565:TCP"= 15565:TCP:NortonAV
"12631:TCP"= 12631:TCP:NortonAV
"15277:TCP"= 15277:TCP:NortonAV
"13688:TCP"= 13688:TCP:NortonAV
"14914:TCP"= 14914:TCP:NortonAV
"15749:TCP"= 15749:TCP:NortonAV
"17243:TCP"= 17243:TCP:NortonAV
"16725:TCP"= 16725:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"14808:TCP"= 14808:TCP:NortonAV
"17424:TCP"= 17424:TCP:NortonAV
"16569:TCP"= 16569:TCP:NortonAV
"16121:TCP"= 16121:TCP:NortonAV
"14463:TCP"= 14463:TCP:NortonAV
"15502:TCP"= 15502:TCP:NortonAV
"12173:TCP"= 12173:TCP:NortonAV
"13565:TCP"= 13565:TCP:NortonAV
"17038:TCP"= 17038:TCP:NortonAV
"14800:TCP"= 14800:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"16356:TCP"= 16356:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"15881:TCP"= 15881:TCP:NortonAV
"12393:TCP"= 12393:TCP:NortonAV
"14989:TCP"= 14989:TCP:NortonAV
"14153:TCP"= 14153:TCP:NortonAV
"16631:TCP"= 16631:TCP:NortonAV
"13554:TCP"= 13554:TCP:NortonAV
"13686:TCP"= 13686:TCP:NortonAV
"16418:TCP"= 16418:TCP:NortonAV
"13954:TCP"= 13954:TCP:NortonAV
"15130:TCP"= 15130:TCP:NortonAV
"16001:TCP"= 16001:TCP:NortonAV
"15871:TCP"= 15871:TCP:NortonAV
"17133:TCP"= 17133:TCP:NortonAV
"17506:TCP"= 17506:TCP:NortonAV
"13388:TCP"= 13388:TCP:NortonAV
"15664:TCP"= 15664:TCP:NortonAV
"14216:TCP"= 14216:TCP:NortonAV
"17161:TCP"= 17161:TCP:NortonAV
"13493:TCP"= 13493:TCP:NortonAV
"16769:TCP"= 16769:TCP:NortonAV
"16553:TCP"= 16553:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13840:TCP"= 13840:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"18952:TCP"= 18952:TCP:NortonAV
"13992:TCP"= 13992:TCP:NortonAV
"12663:TCP"= 12663:TCP:NortonAV
"14776:TCP"= 14776:TCP:NortonAV
"12567:TCP"= 12567:TCP:NortonAV
"14551:TCP"= 14551:TCP:NortonAV
"15178:TCP"= 15178:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16382:TCP"= 16382:TCP:NortonAV
"13537:TCP"= 13537:TCP:NortonAV
"14406:TCP"= 14406:TCP:NortonAV
"13205:TCP"= 13205:TCP:NortonAV
"14145:TCP"= 14145:TCP:NortonAV
"14952:TCP"= 14952:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18886:TCP"= 18886:TCP:NortonAV
"18316:TCP"= 18316:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"15536:TCP"= 15536:TCP:NortonAV
"13536:TCP"= 13536:TCP:NortonAV
"18477:TCP"= 18477:TCP:NortonAV
"13816:TCP"= 13816:TCP:NortonAV
"13820:TCP"= 13820:TCP:NortonAV
"14565:TCP"= 14565:TCP:NortonAV
"17144:TCP"= 17144:TCP:NortonAV
"13505:TCP"= 13505:TCP:NortonAV
"18122:TCP"= 18122:TCP:NortonAV
"18408:TCP"= 18408:TCP:NortonAV
"12932:TCP"= 12932:TCP:NortonAV
"15591:TCP"= 15591:TCP:NortonAV
"18681:TCP"= 18681:TCP:NortonAV
"17338:TCP"= 17338:TCP:NortonAV
"16452:TCP"= 16452:TCP:NortonAV
"14757:TCP"= 14757:TCP:NortonAV
"13628:TCP"= 13628:TCP:NortonAV
"18258:TCP"= 18258:TCP:NortonAV
"13221:TCP"= 13221:TCP:NortonAV
"13164:TCP"= 13164:TCP:NortonAV
"14300:TCP"= 14300:TCP:NortonAV
"15193:TCP"= 15193:TCP:NortonAV
"16827:TCP"= 16827:TCP:NortonAV
"16348:TCP"= 16348:TCP:NortonAV
"14469:TCP"= 14469:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"16822:TCP"= 16822:TCP:NortonAV
"14297:TCP"= 14297:TCP:NortonAV
"16124:TCP"= 16124:TCP:NortonAV
"12318:TCP"= 12318:TCP:NortonAV
"17794:TCP"= 17794:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"17141:TCP"= 17141:TCP:NortonAV
"17650:TCP"= 17650:TCP:NortonAV
"18885:TCP"= 18885:TCP:NortonAV
"17135:TCP"= 17135:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"13099:TCP"= 13099:TCP:NortonAV
"16245:TCP"= 16245:TCP:NortonAV
"17223:TCP"= 17223:TCP:NortonAV
"18985:TCP"= 18985:TCP:NortonAV
"16651:TCP"= 16651:TCP:NortonAV
"14932:TCP"= 14932:TCP:NortonAV
"14543:TCP"= 14543:TCP:NortonAV
"12782:TCP"= 12782:TCP:NortonAV
"14019:TCP"= 14019:TCP:NortonAV
"17651:TCP"= 17651:TCP:NortonAV
"14410:TCP"= 14410:TCP:NortonAV
"18309:TCP"= 18309:TCP:NortonAV
"13110:TCP"= 13110:TCP:NortonAV
"15325:TCP"= 15325:TCP:NortonAV
"12433:TCP"= 12433:TCP:NortonAV
"12674:TCP"= 12674:TCP:NortonAV
"15840:TCP"= 15840:TCP:NortonAV
"12209:TCP"= 12209:TCP:NortonAV
"12422:TCP"= 12422:TCP:NortonAV
"13186:TCP"= 13186:TCP:NortonAV
"13557:TCP"= 13557:TCP:NortonAV
"12438:TCP"= 12438:TCP:NortonAV
"15583:TCP"= 15583:TCP:NortonAV
"16622:TCP"= 16622:TCP:NortonAV
"12555:TCP"= 12555:TCP:NortonAV
"17025:TCP"= 17025:TCP:NortonAV
"12456:TCP"= 12456:TCP:NortonAV
"15515:TCP"= 15515:TCP:NortonAV
"13180:TCP"= 13180:TCP:NortonAV
"12833:TCP"= 12833:TCP:NortonAV
"16767:TCP"= 16767:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"15721:TCP"= 15721:TCP:NortonAV
"13455:TCP"= 13455:TCP:NortonAV
"12574:TCP"= 12574:TCP:NortonAV
"14413:TCP"= 14413:TCP:NortonAV
"13465:TCP"= 13465:TCP:NortonAV
"14156:TCP"= 14156:TCP:NortonAV
"16999:TCP"= 16999:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"12825:TCP"= 12825:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"16596:TCP"= 16596:TCP:NortonAV
"12189:TCP"= 12189:TCP:NortonAV
"13060:TCP"= 13060:TCP:NortonAV
"17241:TCP"= 17241:TCP:NortonAV
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05/09/2007 16:31 10240]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.273\ATI Tray Tools\atitray.sys [14/11/2005 00:43 12032]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [29/01/2007 10:40 11970]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/05/2009 16:30 10384]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [29/01/2007 10:40 130112]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [29/01/2007 10:40 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [29/01/2007 10:40 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [29/01/2007 10:40 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [29/01/2007 10:40 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [29/01/2007 10:40 27984]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [29/09/2006 22:19 19200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1123561945-839522115-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 13:03]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1123561945-839522115-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 13:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {A5C05457-B689-479E-8828-8E71317F0442} = 212.27.40.240,212.27.40.241
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 06:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\dllhost.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-28 6:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 04:21
ComboFix2.txt 2009-08-28 02:25

Pre-Run: 16 601 223 168 octets libres
Post-Run: 16 732 938 240 octets libres

683
0
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Good, run another quick scan with Malwarebytes' Anti-Malware and post the report.
0
Chayr Messages postés 109 Statut Membre 1
 
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2700
Windows 5.1.2600 Service Pack 2

28/08/2009 06:45:22
mbam-log-2009-08-28 (06-45-08).txt

Type de recherche: Examen rapide
Eléments examinés: 92443
Temps écoulé: 10 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\temp\ckla.exe (Trojan.Agent) -> No action taken.
0
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
--> Run another RSIT scan and post the log report.
0
Chayr Messages postés 109 Statut Membre 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-28 06:57:53
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 16 GB (20%) free of 78 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:58:07, on 28/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpceaml.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dqdapt.exe
C:\Documents and Settings\Bureau\Ccleaner\RSIT.exe
C:\Documents and Settings\Bureau\Ccleaner\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C05457-B689-479E-8828-8E71317F0442}: NameServer = 212.27.40.240,212.27.40.241
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)
0
Chayr Messages postés 109 Statut Membre 1
 
Destrio5:

Dr.Web wouldn't launch. I tried re-downloading it from several sites (CCM / 01net / and the link you gave me) but nothing, or not much, happens.

You would need to send it to me again the way we did earlier, by removing the .exe.

I don't know what happened to it.

Bye
0
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Ok, no problem, I received your e-mail.
0
Chayr Messages postés 109 Statut Membre 1
 
I finally managed to run the scan with Dr.Web.
Here is the report:

googleupdate.exe c:\documents and settings\administrateur\local settings\application data\google\update Win32.Sector.19 Désinfecté.
vjfob.exe c:\documents and settings\administrateur\local settings\temp Trojan.MailSpam.41 Supprimé.
reader_sl.exe c:\program files\adobe\reader 9.0\reader Win32.Sector.19 Désinfecté.
adobelmsvc.exe c:\program files\fichiers communs\adobe systems shared\service Win32.Sector.19 Désinfecté.
nmbgmonitor.exe c:\program files\fichiers communs\ahead\lib Win32.Sector.19 Désinfecté.
lbtserv.exe c:\program files\fichiers communs\logishrd\bluetooth Win32.Sector.19 Désinfecté.
dwtrig20.exe c:\program files\fichiers communs\microsoft shared\dw Win32.Sector.19 Désinfecté.
googleupdaterservice.exe c:\program files\google\common\google updater Win32.Sector.19 Désinfecté.
googletoolbarnotifier.exe c:\program files\google\googletoolbarnotifier Win32.Sector.19 Désinfecté.
setpoint.exe c:\program files\logitech\setpoint Win32.Sector.19 Désinfecté.
msnmsgr.exe c:\program files\windows live\messenger Win32.Sector.19 Désinfecté.
msiexec.exe c:\windows\system32 Win32.Sector.19 Désinfecté.
nerocheck.exe c:\windows\system32 Win32.Sector.19 Désinfecté.
xtxh.exe g:\ Win32.Sector.19 Désinfecté.
ehiwt.cmd n:\ Win32.Sector.19 Désinfecté.
krvh.cmd o:\ Win32.Sector.19 Désinfecté.
elxujj.pif p:\ Win32.Sector.19 Désinfecté.
TWUNK_32.EXE C:\CanoScan\CNQL20\CNQSG70 Win32.Sector.19 Désinfecté.
CANOIT32.EXE C:\CanoScan\CNQL30\CNQSG70 Win32.Sector.19 Désinfecté.
TWUNK_32.EXE C:\CanoScan\CNQL30\CNQSG70 Win32.Sector.19 Désinfecté.
fpupdateax.exe C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax Win32.Sector.19 Désinfecté.
schedule.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup Win32.Sector.19 Désinfecté.
setup.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup Win32.Sector.19 Désinfecté.
firefoxgoogletoolbarsetup.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup\data\ff Win32.Sector.19 Désinfecté.
googletoolbarinstaller.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR Win32.Sector.19 Désinfecté.
googletoolbarinstaller.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR Win32.Sector.19 Désinfecté.
RealPlayer11GOLD_fr.exe C:\Documents and Settings\Administrateur\Application Data\Real\Update\setup\data\rp Win32.Sector.19 Désinfecté.
cleanup.exe C:\Documents and Settings\Administrateur\Application Data\U3\temp Win32.Sector.19 Désinfecté.
chrome.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application Win32.Sector.19 Désinfecté.
setup.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\2.0.172.43\Installer Win32.Sector.19 Désinfecté.
GoogleCrashHandler.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.7 Win32.Sector.19 Désinfecté.
GoogleUpdate.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.7 Win32.Sector.19 Désinfecté.
GoogleUpdateSetup.exe C:\Documents and Settings\Administrateur\Local Settings\Apps\2.0\RCKNYMKE.VQ1\Y7G023HC.QZD\clic...exe_9a8dfcd080ccb114_0001.000 Win32.Sector.19 Désinfecté.
FileZilla_3.2.6.1_win32-setup.exe C:\Documents and Settings\Administrateur\Mes documents Win32.Sector.19 Désinfecté.
CD.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Désinfecté.
Decal_Converter_1.3.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Désinfecté.
Flash_Disinfector.exe\nircmd.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads\Flash_Disinfector.exe Tool.NirCmd.1
Flash_Disinfector.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads L'archive contient des éléments infectés Quarantaine.
install_flash_player.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Désinfecté.
Setup.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Désinfecté.
wrar390fr.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Désinfecté.
x-hd-video-converter-283667.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads Win32.Sector.19 Irréparable.Quarantaine.
ffmpeg.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads\dragdrop_wm Win32.Sector.19 Désinfecté.
MSSetup.exe C:\Documents and Settings\Administrateur\Mes documents\Downloads\MultimediaServices Win32.Sector.19 Désinfecté.
procexp.exe C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus Win32.Sector.19 Désinfecté.
0
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
--> Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.

--> Run the installer with the default settings.

--> Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.
(Under Vista, right-click the UsbFix shortcut and choose Run as administrator)

--> Choose option 1 (Search).

--> Let the tool work.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes.
0
anonyme
 
Personally I don't understand why some people catch these plagues on their PCs, someone would have to explain to me why!
Good grief, I've had a PC on the internet for more than 3 years and no viruses, slowdowns or blue screens, anyway personally none of that!
0
Chayr Messages postés 109 Statut Membre 1
 
"From anonyme:

Personally I don't understand why some people catch these plagues on their PCs, someone would have to explain to me why!
Good grief, I've had a PC on the internet for more than 3 years and no viruses, slowdowns or blue screens, anyway personally none of that!
"

That's scandalous!

Here is the UsbFix report requested by Destrio5.

############################## | UsbFix V6.024 |

User : Administrateur (Administrateurs) # ORDICHAMBRE
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:49:00 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 76,32 Go (14,03 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible # 1,83 Go (1,6 Go free) # FAT32
I:\ -> Disque amovible
J:\ -> Disque amovible # 966,72 Mo (3,47 Mo free) [CANON_DC] # FAT32
K:\ -> Disque amovible
L:\ -> Disque amovible
M:\ -> Disque amovible # 947,95 Mo (432,03 Mo free) # FAT32
N:\ -> Disque amovible # 982 Mo (944,62 Mo free) [KINGSTON] # FAT32
O:\ -> Disque amovible # 1,89 Go (4,94 Mo free) [NIKON D80] # FAT
P:\ -> Disque amovible # 1,87 Go (15,31 Mo free) [KINGSTON] # FAT
Q:\ -> Disque fixe local # 189,92 Go (26,51 Go free) [Maxtor 200 Go 7200 tpm] # NTFS
R:\ -> Disque fixe local # 416,92 Go (314,09 Go free) [500GoPart1] # NTFS
V:\ -> Disque fixe local # 48,83 Go (48,74 Go free) [500GoPart2] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mukh.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuues.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\autorun.inf
H:\autorun.inf # -> fichier appelé : "H:\rbdo.exe" ( Présent ! )
Présent ! H:\autorun.inf
J:\autorun.inf # -> fichier appelé : "J:\ucyy.cmd" ( Présent ! )
Présent ! J:\autorun.inf
M:\autorun.inf # -> fichier appelé : "M:\xtxh.exe" ( Présent ! )
Présent ! M:\autorun.inf
N:\autorun.inf # -> fichier appelé : "N:\ ehiwt.cmd" ( Absent ! )
Présent ! N:\.vbs
Présent ! N:\autorun.inf
O:\autorun.inf # -> fichier appelé : "O:\krvh.cmd" ( Présent ! )
Présent ! O:\autorun.inf
P:\autorun.inf # -> fichier appelé : "P:\elxujj.pif" ( Présent ! )
Présent ! P:\autorun.inf
Présent ! P:\elxujj.pif

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "UacDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "AntiVirusDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "AntiVirusOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "FirewallDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "FirewallOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "UacDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center\Svc "UpdatesDisableNotify" ( 0x1 )
Présent ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System "DisableRegistryTools" ( 0x1 )
Présent ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System "DisableTaskMgr" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{8da5c0e7-70de-11db-897b-00085416cef5}
shell\AuToplay\comMAND =H:\rbdo.exe
shell\AutoRun\command =H:\rbdo.exe
shell\explOre\commaNd =H:\rbdo.exe
shell\opEN\coMMANd =H:\rbdo.exe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.024 ! |
0
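The UsbFix report above lists, for each removable drive, the file its autorun.inf would launch (for example "H:\rbdo.exe") and whether that file is present. The following is an added example, not part of this thread or of UsbFix, that shows the same check in Python: it parses the launch directives of an autorun.inf (open=, shellexecute=, and any shell\<verb>\command=), resolves them against the drive root, and reports whether the referenced file exists. The two autorun.inf samples and the file names in them are constructed for the example; the file-presence check is passed in as a function so the code runs offline and can also be pointed at a real drive.

```python
"""Report which executable an autorun.inf would launch, as UsbFix does.

Added example for this thread, not UsbFix's own code. The sample .inf
contents below are constructed; the worm sample mimics the mixed-case
directives seen in the MountPoints2 section of the report above.
"""
import ntpath
import os
import re

# Constructed sample: the kind of autorun.inf a USB worm drops at a drive root.
SAMPLE_WORM_INF = """[autorun]
;jqkwvz
open=rbdo.exe
shell\\open\\command=rbdo.exe
shell\\explore\\command=rbdo.exe
shell\\AuToplay\\comMAND=rbdo.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed sample: a benign autorun.inf that only sets an icon and a label.
SAMPLE_BENIGN_INF = """[AutoRun]
icon=setup.exe,0
label=Printer drivers
"""

_SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_KEYVAL = re.compile(r"^\s*([^=;]+?)\s*=\s*(.*?)\s*$")


def launch_targets(inf_text):
    """Map every [autorun] directive that executes something to its command.

    Windows matches directive names case-insensitively, so keys are lowered.
    icon=, label= and ';' comment lines never run code and are ignored.
    """
    targets = {}
    in_autorun = False
    for line in inf_text.splitlines():
        sec = _SECTION.match(line)
        if sec:
            in_autorun = sec.group(1).strip().lower() == "autorun"
            continue
        if not in_autorun:
            continue
        kv = _KEYVAL.match(line)
        if not kv:
            continue
        key = kv.group(1).lower()
        runs_code = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if runs_code:
            targets[key] = kv.group(2)
    return targets


def referenced_files(drive, inf_text):
    """Resolve each launch target to an absolute path on `drive` (e.g. "H:\\\\").

    Arguments after the executable are dropped and a quoted executable is
    unquoted, so open="x.exe" /s and open=x.exe resolve to the same file.
    """
    files = set()
    for command in launch_targets(inf_text).values():
        cmd = command.strip()
        if not cmd:
            continue
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        files.add(ntpath.join(drive, exe))
    return files


def report(drive, inf_text, file_exists=os.path.exists):
    """Build one report line per referenced file for the given drive.

    `file_exists` is injectable so the report can be produced offline (tests)
    or against a real mounted drive (default os.path.exists).
    """
    lines = []
    for path in sorted(referenced_files(drive, inf_text)):
        state = "present" if file_exists(path) else "absent"
        lines.append(f'{drive}autorun.inf -> launches "{path}" ({state})')
    if not lines:
        lines.append(f"{drive}autorun.inf -> no launch directive (icon/label only)")
    return lines


if __name__ == "__main__":
    # Offline demo: pretend only rbdo.exe exists on the stick.
    stub_exists = lambda p: p.lower().endswith("rbdo.exe")
    for line in report("H:\\", SAMPLE_WORM_INF, stub_exists):
        print(line)
    for line in report("J:\\", SAMPLE_BENIGN_INF, stub_exists):
        print(line)
```

On a real drive the check is simply reading the root autorun.inf and calling `report("H:\\", text)` with the default `file_exists`; the defensive point is that a launch directive pointing at a randomly named .exe, .cmd or .pif at the drive root is the signature UsbFix is flagging, while icon-only files are harmless.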
anonyme
 
why scandalous?
0
Chayr Messages postés 109 Statut Membre 1
 
That some people catch viruses, like me.
It should never happen; one wonders how we manage it!
0
Anonyme
 
I don't understand, and I'll say it again: no reformatting on my part in more than 3 years, I have Kaspersky backed up by Spybot and no problems!
But where do you go hanging around on the internet to catch endless plagues?
0
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
--> Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 2 (Deletion).

--> Your Desktop will disappear and the PC will restart.

--> On restart, UsbFix will scan your PC; let the tool work.

--> Then post the UsbFix.txt report that appears along with the Desktop.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
0