Sujet Précédent Sujet Suivant

Probleme virus redirection internet

vae victis -  
 vae victis -
Bonjour,
je dispose d'un ordinateur portable Vayo vgn-sr21m avec vista..
j'ai un gros soucis de redirection de page google sur des sites n'ayant rien à voir (porno la plupart du temps).
J'ai ce problème depuis que j'ai effectué certaines mises à jour, windows et surtout mcafee. J'ai navigué sur le forum et il semblerai que pour tuer ce ou ces virus, il me faudrai procéder à plusieurs installations de programes, ors, je ne sais pas lesquels utiliser. Ah, je travaille avec firefox 3.5.2 et internet explorer (la dernière version) , le problème s'applique au 2 navigateurs bien que firefox lui, m'averti de la redirection et n'ouvre pas la page sans mon concentement.
En bref ça sent l'infection profonde du système.
J'ai fait un scan avec hijackthis que voici si ça peut aider, merci beaucoup de votre aide :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:41, on 24/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: McAfee Application Installer Cleanup (0027181251104988) (0027181251104988mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\002718~1.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

17 réponses

Réponse 1 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt

internet explorer (la dernière version) : non la version 8 est sortie!!!!!

_______________________

scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­­

______________________

mettre a jour internet explorer
pour XP
https://www.microsoft.com/en-us/download

pour VISTA:
https://www.microsoft.com/en-us/download

_____________

mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

ou passer a un lecteur alternatif ce qui évitera les virus circulant via les PDF comme foxit reader (ne pas mettre les barres foxit, ask, ebay..)

https://www.commentcamarche.net/telecharger/ 205 foxit reader

_____________

Mettre a jour java:
https://javara.fr.malavida.com/­indows

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.

si cela ne fonctionne pas

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

tu peux désinstaller les vieilles versions.

_______________________

a plus
0
vae victis
 
Merci tout d'abord pour la réponse ultra rapide !
Alors :
- effectivement ma version d'internet explorer était obsolète, donc je l'ai mise à jour

- adobe reader est en version 9.1

- Javara spécifie que java est à jour et que les dernière version ont été effacées, ors, je ne reçoit pas de rapport. est-ce une opération longue ? En le recherchant, j'ai par contre trouvé les fichiers "jre1.6.0_06" et "jre1.6.0_07" qui se situent dans C/programmes/java . est-ce normal ?

- et enfin, malwarebyte à établi ce rapport après analyse rapide et suppression. Il me demande de redémarrer, ce que je vais faire immédiatement après l'envoi de cet e-mail.


Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2687
Windows 6.0.6001 Service Pack 1

24/08/2009 15:35:34
mbam-log-2009-08-24 (15-35-34).txt

Type de recherche: Examen rapide
Eléments examinés: 86451
Temps écoulé: 9 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Et merci encore pour votre aide ! On se sent moins seul !
VV
0
Réponse 2 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok fais le reste
0
vae victis
 
que me reste-t-il donc à faire ?
Il me semble avoir tout fait..
0
Réponse 3 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
le rapport javara?

puis

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 4 / 17
vae victis
 
d'accord, mais comment récupérer le rapport javara ? je ne le trouve absolument pas..
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pas grave mets RSIT je verrai avec

et dis si ton pc a encore des soucis

a plus
0
Réponse 6 / 17
vae victis
 
merci tout de même d'essayer ! c'est sympa
donc concernant javara, pas de rapport, et visiblement je ne suis pas le seul à avoir eu ce problème.. j'ai essayé plusieur fois.

je refais un check avec hijackthis que j'envoie au cas ou.. et voici les deux réalisé avec RSIT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:41, on 24/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: McAfee Application Installer Cleanup (0027181251104988) (0027181251104988mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\002718~1.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 7 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:41, on 24/08/2009

ce qui veut dire que le rapport est de midi

tu en as un neuf???
0
Réponse 8 / 17
vae victis
 
Ah oui, désolé, je n'avais pas remarqué ça. Il m'avais fait un message d'erreur lorsque j'ai voulu rescanner. mais en executant le programme en tant qu'administrateur ça à fonctionné. Donc, voici le rapport neuf:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:10, on 24/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 9 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok c'est bon

mets a jour java et adobe

_________________________

encore des redirections ???????????

_________________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 10 / 17
vae victis
 
Merci,
alors plus de virus..
Heu , Adobe et java sont déjà à jour semble-t'il. Java dit que j'ai la plateforme la plus récente, et adobe a été à jour hier, je suis en 9.1

Par contre redirection oui, il en reste du genre envoyé par "get-free-scan.com" , c'est ultra agressif, pas moyen d'y réchapper à moins de faire ctrl+alt+supp et de fermer toute la session internet ouverte. Irrestaurable bien sûr, sinon on réouvre la redirection . elle est accompagné du message:
"Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! Smart Virus Eliminator will perform a quick and free scanning of your PC for viruses and malicious programs." et ressemble à s'y méprendre à une fenêtre windows.

Donc , tu me conseille le scan en ligne bit defender ?
j'ai bit defender que je n'ai pas installé, peur des conflits avec mcafee qui ne semble pas facile à désinstaller.
0
Réponse 11 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_____________________

puis fais un scan en ligne bitdefender (je dis bien scan en ligne) et non l'installation de la suite bitdefender qui va rentrer en conflit avec mcafee

désactive mcafee le temps du scan en ligne

a plus
0
Réponse 12 / 17
vae victis
 
Oui, apparement il est ultra infecté cet ordinateur. J'ai maintenant zero confiance en Mcafee. Je le désinstalle des que l'ordinateur est à 100% propre, et j'installe Bit Defender.
Le scan avec Bit Defender est en train de s'effectuer, et je vois qu'il à déja détruit un troyen du type MemScan:trojan.clicker.Muc
Et il reste... 9heures d'analyse !!!!!!!!!
Mais voice déjà le rapport de Combofix :

ComboFix 09-08-24.06 - SEB 25/08/2009 14:05.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3038.1961 [GMT 2:00]
Running from: c:\users\SEB\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1550961753-157052870-3807384937-500
c:\$recycle.bin\S-1-5-21-3387457687-1405142129-2551778395-500
c:\$recycle.bin\S-1-5-21-3404926272-1527438645-2294114786-1000
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\SEB\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{c92be680-c7c0-11dc-8ff1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\SEB\ntuser.dat{7b37abcf-d9b0-11dd-96e4-00215d9b8218}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 12:22 . 2009-08-25 12:28 -------- d-----w- c:\users\SEB\AppData\Local\temp
2009-08-25 12:22 . 2009-08-25 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-24 17:50 . 2009-08-24 17:50 -------- d-----w- C:\rsit
2009-08-24 12:40 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-24 12:16 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 12:16 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 12:16 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 12:16 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 12:16 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 12:16 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 12:16 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 12:16 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\users\SEB\AppData\Roaming\Malwarebytes
2009-08-24 11:32 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\programdata\Malwarebytes
2009-08-24 11:32 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 10:12 . 2009-08-24 10:12 -------- d-----w- c:\program files\Trend Micro
2009-08-22 01:14 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-22 01:14 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-22 01:14 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-22 01:14 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-22 01:14 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-22 01:14 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-22 01:13 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-22 01:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-22 01:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-22 01:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-22 01:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-22 01:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-20 16:31 . 2009-08-20 16:31 -------- d-----w- c:\program files\SiteAdvisor
2009-08-19 06:09 . 2009-07-06 20:39 103424 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-19 06:09 . 2009-07-06 20:39 937984 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-19 06:09 . 2009-07-06 20:39 106496 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-19 06:09 . 2009-07-06 20:39 65536 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-19 06:09 . 2009-07-06 20:39 4722688 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-19 06:09 . 2009-07-06 20:39 344064 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-14 05:47 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-13 02:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 02:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 02:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 02:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 02:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 02:54 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 02:54 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-01 14:55 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-01 14:55 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-01 14:55 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-01 14:55 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 12:23 . 2008-08-12 09:50 1076 ----a-w- c:\windows\bthservsdp.dat
2009-08-25 11:34 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-25 11:34 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-25 11:20 . 2008-12-15 18:05 -------- d-----w- c:\users\SEB\AppData\Roaming\Skype
2009-08-25 06:08 . 2008-12-15 18:09 -------- d-----w- c:\users\SEB\AppData\Roaming\skypePM
2009-08-24 13:00 . 2008-12-15 17:18 84888 ----a-w- c:\users\SEB\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-24 12:51 . 2008-09-07 19:53 -------- d-----w- c:\programdata\Microsoft Help
2009-08-24 11:39 . 2008-09-07 20:14 -------- d-----w- c:\program files\McAfee
2009-08-24 11:35 . 2008-08-12 12:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-24 09:08 . 2009-01-22 17:26 1 ----a-w- c:\users\SEB\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-24 08:59 . 2008-12-18 00:13 -------- d-----w- c:\users\SEB\AppData\Roaming\vlc
2009-08-24 08:59 . 2008-08-12 13:01 -------- d-----w- c:\programdata\FLEXnet
2009-08-20 16:14 . 2008-12-15 17:18 1356 ----a-w- c:\users\SEB\AppData\Local\d3d9caps.dat
2009-08-14 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-02 05:14 . 2009-03-31 15:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-08-24 12:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-24 12:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-24 12:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-24 12:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 12:01 . 2009-07-07 12:01 -------- d-----w- c:\users\SEB\AppData\Roaming\Intel
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\ma-config.com
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\programdata\ma-config.com
2009-06-17 11:54 . 2009-06-17 11:54 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-13 06:24 . 2009-06-13 06:25 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb13C1.tmp.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 18:16 . 2009-06-04 18:16 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-09-07 24576]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-07-25 534368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-22 185872]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6295552]

c:\users\SEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BC47E2D-36FE-4D7C-8763-A59734920EC3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EDA0F132-5E63-408F-93EA-BBA1D91B1F58}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{40093CA5-1BA6-4141-BC3C-63B42BAF725B}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7824F6DE-102E-426D-B64A-FE99EE1ED420}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{98175A7F-54FC-466B-AC2E-C21546761F11}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{6159CDEC-4D31-4F35-9A13-5D147EB6746B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{882203A6-9C44-417C-9458-B099C08B6F6A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A18468C5-03F8-4981-836A-B4D0C5113898}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CB679FF0-B719-4191-BF41-DAC809C932E3}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{08981C8F-EB8F-4968-A09E-0B3DCB5309F3}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{5ECF5395-38EB-4967-AA4E-D491E920E112}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{1B408B16-5E96-4E98-93BE-3251006214FE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8C1C3B69-85CF-4459-AFEE-9BA97D9E3FFA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AEDCCFCC-DBB1-438C-959B-17C6877617AD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BFBBCFAF-3A40-4BE0-9D23-9F888EAE6C70}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{023834D8-9CAF-4C56-80DA-BFA5D8638735}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E15D86E6-55BC-4AA1-8705-4959FC9758F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C9AF86AF-8B2B-40E5-9BD7-72ED6AD4364D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B0FE10E0-7CE6-4641-A587-44956E25BD7E}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{15034909-7D33-4C02-A49B-C0DF59E77982}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A1C9FC17-07BE-46D1-9A58-9D48AF43806A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{16327343-A17F-4E56-832B-AA53364B0B79}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{B0311A83-578F-407F-B4E8-90C33363E5AB}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{3666B807-260B-4DDC-BCE1-4E251127975A}"= UDP:c:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{3C72E8F6-6111-4050-A061-46C103CC2CDB}"= TCP:c:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{0163764B-F209-4AF6-BF41-7C5E0107E629}"= UDP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"{9F8D66F2-1E93-43FB-83F9-DE80DB79F4E0}"= TCP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"{380964F0-30E3-4AEB-9C27-C85D30E402D5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C8F7BD5-738E-4618-A4E0-5A261308EC2A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DE92B532-0128-46B6-87F9-7E1C47D0DC89}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C10E5612-8341-4161-AD8E-5888F035B3E8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4D7BD95A-2713-4DAB-8336-C8DEA3949429}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{07C217AC-ED48-4DFB-AF1A-71B02FE27FB2}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{6C440B9C-CAEB-46B2-8D83-9D69B52535E9}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EECA982F-6348-409B-B938-7068C8CF2F95}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1070F92B-DC9E-4B4C-95A2-D0BFDCD1D717}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\System32\drivers\shpf.sys [12/08/2008 21:41 22944]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 06:29 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [12/08/2008 21:41 9344]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [12/08/2008 13:31 29736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 12:32]

2009-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 12:32]

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2009-08-24 20:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 14:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\sqlite_gGzcYKchnzBA3Fg 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1020968652-1018674205-254125151-1000_Classes\CLSID\{066db328-8e80-41da-b51d-2573279b408c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000027
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,bf,c1,a9,b1,b9,5c,7b,3c,46,2a,df,50,7d,ca,\

[HKEY_USERS\S-1-5-21-1020968652-1018674205-254125151-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,21,92,19,b2,0d,49,f0,b9,37,78,b9,31,d4,24,f5,41,89,23,63,f3,
b6,0c,b1,b7,4d,e9,9d,96,9a,5b,3d,96,4a,5c,a3,be,fb,f0,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5640)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\RTKAUDIOSERVICE.EXE
c:\windows\System32\wlanext.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\dllhost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-25 14:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 12:37

Pre-Run: 10 726 408 192 octets libres
Post-Run: 10 893 357 056 octets libres

377 --- E O F --- 2009-08-24 12:54

Et merci encore !!
0
Réponse 13 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok j'attends bitdefender

a plus
0
Réponse 14 / 17
vae victis
 
voila enfin le rapport bit defender :
BitDefender Online Scanner

Scan report generated at: Tue, Aug 25, 2009 - 18:22:42

Scan path: C:\;D:\;E:\;F:\;

Statistics

Time 02:21:07

Files 530361

Folders 29929

Boot Sectors 0

Archives 4124

Packed Files 22959

Results

Identified Viruses 1

Infected Files 1

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 1

Engines Info

Virus Definitions 3913618

Engine build AVCORE v2.1 Windows/i386 11.0.0.26 (Jul 24 2009)

Scan plugins 17

Archive plugins 45

Unpack plugins 7

E-mail plugins 6

System plugins 4

Scan Settings

First Action Disinfect

Second Action Delete

Heuristics Yes

Enable Warnings Yes

Scanned Extensions *;

Exclude Extensions

Scan Emails Yes

Scan Archives Yes

Scan Packed Yes

Scan Files Yes

Scan Boot Yes

Scanned File

C:\Users\SEB\AppData\Local\VirtualStore\Windows\System32\net.net

Status
Infected with: MemScan:Trojan.Clicker.MUC

Scanned File

C:\Users\SEB\AppData\Local\VirtualStore\Windows\System32\net.net

Status
Deleted
0
Réponse 15 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-­6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001­.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a53986­5-6a70-11db-887c-d362bd253390}.TMContainer000000000000000000­01.regtrans-ms
C:\Users\SEB\AppData\Local\VirtualStore\Windows\System32\net­.net

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_____________________________

comment va ton pc???
0
vae victis
 
Voici le nouveau rapport combofix, cela dit la démarche ne c'est pas déroulé comme dit plus haut, il ne m'a pas demandé de taper 1.. Et il à rebooté à la fin du scan, puis à affiché le rapport, et enfin plus rien n'était accessible pour une question de "clef réseau supprimée", ou un truc comme ça , je n'ai pas bien fais attention malheureusement. Donc j'ai redémarré à nouveau, maintenant tout semble fonctionner.. Quand à la redirection internet, je ne sais pas encore.
rapport combofix n°2 :



ComboFix 09-08-24.06 - SEB 25/08/2009 20:34.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3038.1943 [GMT 2:00]
Running from: c:\users\SEB\Desktop\ComboFix.exe
Command switches used :: c:\users\SEB\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\SEB\ntuser.dat{7b37abcf-d9b0-11dd-96e4-00215d9b8218}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 18:50 . 2009-08-25 19:06 -------- d-----w- c:\users\SEB\AppData\Local\temp
2009-08-25 18:50 . 2009-08-25 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-25 18:50 . 2009-08-25 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-25 13:56 . 2009-08-25 16:37 -------- d-----w- c:\windows\BDOSCAN8
2009-08-24 17:50 . 2009-08-24 17:50 -------- d-----w- C:\rsit
2009-08-24 12:40 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-24 12:16 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 12:16 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 12:16 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 12:16 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 12:16 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 12:16 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 12:16 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 12:16 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\users\SEB\AppData\Roaming\Malwarebytes
2009-08-24 11:32 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 11:32 . 2009-08-24 11:32 -------- d-----w- c:\programdata\Malwarebytes
2009-08-24 11:32 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 10:12 . 2009-08-24 10:12 -------- d-----w- c:\program files\Trend Micro
2009-08-22 01:14 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-22 01:14 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-22 01:14 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-22 01:14 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-22 01:14 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-22 01:14 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-22 01:13 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-22 01:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-22 01:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-22 01:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-22 01:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-22 01:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-20 16:31 . 2009-08-20 16:31 -------- d-----w- c:\program files\SiteAdvisor
2009-08-19 06:09 . 2009-07-06 20:39 103424 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-19 06:09 . 2009-07-06 20:39 937984 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-19 06:09 . 2009-07-06 20:39 106496 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-19 06:09 . 2009-07-06 20:39 65536 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-19 06:09 . 2009-07-06 20:39 4722688 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-19 06:09 . 2009-07-06 20:39 344064 ----a-w- c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-14 05:47 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-13 02:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 02:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 02:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 02:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 02:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 02:54 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 02:54 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-01 14:55 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-01 14:55 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-01 14:55 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-01 14:55 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:59 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-25 18:59 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-25 18:50 . 2008-08-12 09:50 1076 ----a-w- c:\windows\bthservsdp.dat
2009-08-25 11:20 . 2008-12-15 18:05 -------- d-----w- c:\users\SEB\AppData\Roaming\Skype
2009-08-25 06:08 . 2008-12-15 18:09 -------- d-----w- c:\users\SEB\AppData\Roaming\skypePM
2009-08-24 13:00 . 2008-12-15 17:18 84888 ----a-w- c:\users\SEB\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-24 12:51 . 2008-09-07 19:53 -------- d-----w- c:\programdata\Microsoft Help
2009-08-24 11:39 . 2008-09-07 20:14 -------- d-----w- c:\program files\McAfee
2009-08-24 11:35 . 2008-08-12 12:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-24 09:08 . 2009-01-22 17:26 1 ----a-w- c:\users\SEB\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-24 08:59 . 2008-12-18 00:13 -------- d-----w- c:\users\SEB\AppData\Roaming\vlc
2009-08-24 08:59 . 2008-08-12 13:01 -------- d-----w- c:\programdata\FLEXnet
2009-08-20 16:14 . 2008-12-15 17:18 1356 ----a-w- c:\users\SEB\AppData\Local\d3d9caps.dat
2009-08-14 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-02 05:14 . 2009-03-31 15:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-08-24 12:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-24 12:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-24 12:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-24 12:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 12:01 . 2009-07-07 12:01 -------- d-----w- c:\users\SEB\AppData\Roaming\Intel
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\ma-config.com
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\programdata\ma-config.com
2009-06-17 11:54 . 2009-06-17 11:54 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-13 06:24 . 2009-06-13 06:25 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb13C1.tmp.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 18:16 . 2009-06-04 18:16 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-25_12.26.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-25 16:57 52952 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-25 16:57 75654 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-25 15:47 . 2009-08-25 15:47 10030 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6F67039E20F8C8F9C7069B8D07C7DB6F3DC72136\6F67039E20F8C8F9C7069B8D07C7DB6F3DC72136\Data.dat
- 2008-09-07 19:52 . 2009-08-25 12:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 19:52 . 2009-08-25 19:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 19:52 . 2009-08-25 19:06 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 19:52 . 2009-08-25 12:27 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 20:40 . 2009-08-25 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 20:40 . 2009-08-25 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44 53248 c:\windows\bdoscandel.exe
+ 2009-08-25 13:56 . 2009-08-25 13:56 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-08-25 13:56 . 2009-08-25 13:56 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-08-25 13:56 . 2009-08-25 13:56 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-08-25 13:56 . 2009-08-25 13:56 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-16 07:14 . 2009-08-25 16:57 6666 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1020968652-1018674205-254125151-1000_UserData.bin
+ 2009-08-25 17:34 . 2009-08-25 17:34 5586 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
+ 2009-08-25 17:25 . 2009-08-25 17:25 3492 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E09A6070DEA3B470781DD38F9746BC21C740C5E7\E09A6070DEA3B470781DD38F9746BC21C740C5E7\Data.dat
+ 2009-08-25 16:48 . 2009-08-25 16:48 6996 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
+ 2009-08-25 17:24 . 2009-08-25 17:24 5556 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\61D154744047436FC5CDABD84BAEE2E4FA5CDCC9\61D154744047436FC5CDABD84BAEE2E4FA5CDCC9\Data.dat
+ 2009-08-25 17:25 . 2009-08-25 17:25 3604 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\60424DDDF38649759122DCDAF2E61ED9EAEE26BF\60424DDDF38649759122DCDAF2E61ED9EAEE26BF\Data.dat
+ 2009-08-25 17:25 . 2009-08-25 17:25 6564 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3E4BEEFDF7A954200744EBA292E203E12F22DA62\3E4BEEFDF7A954200744EBA292E203E12F22DA62\Data.dat
+ 2009-08-25 17:25 . 2009-08-25 17:25 7182 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3152A0D0BE74B6CBD8CFE76FE1D33EC5BD4EA437\3152A0D0BE74B6CBD8CFE76FE1D33EC5BD4EA437\Data.dat
+ 2009-08-25 17:25 . 2009-08-25 17:25 7102 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\248A7126B31C15B33E2295BBB5A8C075FB96A03F\248A7126B31C15B33E2295BBB5A8C075FB96A03F\Data.dat
- 2009-08-25 06:44 . 2009-08-25 06:44 6522 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\Data.dat
+ 2009-08-25 17:23 . 2009-08-25 17:23 6522 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\Data.dat
+ 2009-08-25 16:49 . 2009-08-25 16:49 5494 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1C011010C6DC7C38D9C66B40FA6DE8B0BADA3361\1C011010C6DC7C38D9C66B40FA6DE8B0BADA3361\Data.dat
+ 2009-08-25 17:24 . 2009-08-25 17:24 4712 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1AB8C90926C6A82DF1C881B1B4FCACC84C695E32\1AB8C90926C6A82DF1C881B1B4FCACC84C695E32\Data.dat
+ 2009-08-25 18:51 . 2009-08-25 18:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-25 12:24 . 2009-08-25 12:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-25 12:24 . 2009-08-25 12:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-25 18:51 . 2009-08-25 18:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-08-25 11:34 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-25 18:59 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-25 18:59 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-25 11:34 101250 c:\windows\System32\perfc009.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2009-08-25 13:57 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2009-08-25 13:57 102400 c:\windows\BDOSCAN8\bdcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-09-07 24576]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-07-25 534368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-22 185872]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6295552]

c:\users\SEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BC47E2D-36FE-4D7C-8763-A59734920EC3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EDA0F132-5E63-408F-93EA-BBA1D91B1F58}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{40093CA5-1BA6-4141-BC3C-63B42BAF725B}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7824F6DE-102E-426D-B64A-FE99EE1ED420}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{98175A7F-54FC-466B-AC2E-C21546761F11}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{6159CDEC-4D31-4F35-9A13-5D147EB6746B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{882203A6-9C44-417C-9458-B099C08B6F6A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A18468C5-03F8-4981-836A-B4D0C5113898}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CB679FF0-B719-4191-BF41-DAC809C932E3}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{08981C8F-EB8F-4968-A09E-0B3DCB5309F3}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{5ECF5395-38EB-4967-AA4E-D491E920E112}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{1B408B16-5E96-4E98-93BE-3251006214FE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8C1C3B69-85CF-4459-AFEE-9BA97D9E3FFA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AEDCCFCC-DBB1-438C-959B-17C6877617AD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BFBBCFAF-3A40-4BE0-9D23-9F888EAE6C70}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{023834D8-9CAF-4C56-80DA-BFA5D8638735}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E15D86E6-55BC-4AA1-8705-4959FC9758F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C9AF86AF-8B2B-40E5-9BD7-72ED6AD4364D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B0FE10E0-7CE6-4641-A587-44956E25BD7E}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{15034909-7D33-4C02-A49B-C0DF59E77982}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A1C9FC17-07BE-46D1-9A58-9D48AF43806A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{16327343-A17F-4E56-832B-AA53364B0B79}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{B0311A83-578F-407F-B4E8-90C33363E5AB}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{3666B807-260B-4DDC-BCE1-4E251127975A}"= UDP:c:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{3C72E8F6-6111-4050-A061-46C103CC2CDB}"= TCP:c:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{0163764B-F209-4AF6-BF41-7C5E0107E629}"= UDP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"{9F8D66F2-1E93-43FB-83F9-DE80DB79F4E0}"= TCP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"{380964F0-30E3-4AEB-9C27-C85D30E402D5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C8F7BD5-738E-4618-A4E0-5A261308EC2A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DE92B532-0128-46B6-87F9-7E1C47D0DC89}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C10E5612-8341-4161-AD8E-5888F035B3E8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4D7BD95A-2713-4DAB-8336-C8DEA3949429}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{07C217AC-ED48-4DFB-AF1A-71B02FE27FB2}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{6C440B9C-CAEB-46B2-8D83-9D69B52535E9}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EECA982F-6348-409B-B938-7068C8CF2F95}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1070F92B-DC9E-4B4C-95A2-D0BFDCD1D717}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\System32\drivers\shpf.sys [12/08/2008 21:41 22944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21/12/2008 02:57 203280]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [07/09/2008 22:30 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [12/08/2008 13:24 104992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [12/08/2008 13:31 29736]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 06:29 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [12/08/2008 21:41 9344]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/09/2008 22:12 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 12:32]

2009-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 12:32]

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2009-08-24 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
FF - ProfilePath - c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\SEB\AppData\Roaming\Mozilla\Firefox\Profiles\c9qqh9pe.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 21:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1020968652-1018674205-254125151-1000_Classes\CLSID\{066db328-8e80-41da-b51d-2573279b408c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000027
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,bf,c1,a9,b1,b9,5c,7b,3c,46,2a,df,50,7d,ca,\

[HKEY_USERS\S-1-5-21-1020968652-1018674205-254125151-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,21,92,19,b2,0d,49,f0,b9,37,78,b9,31,d4,24,f5,41,89,23,63,f3,
b6,0c,b1,b7,4d,e9,9d,96,9a,5b,3d,96,4a,5c,a3,be,fb,f0,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\dllhost.exe
c:\program files\McAfee\VirusScan\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
.
**************************************************************************
.
Completion time: 2009-08-25 21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 19:13
ComboFix2.txt 2009-08-25 12:37

Pre-Run: 10 291 007 488 octets libres
Post-Run: 10 160 455 680 octets libres

395 --- E O F --- 2009-08-24 12:54
0
Réponse 16 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
encore des soucis?
0
vae victis
 
He bien, pour l'instant, ça me semble ok.. Pas eu de redirection encore, merci. Cela dit, que pense tu de virer Mcafee au profit de bitdefender ?
Que signale le dernier rapport ? Des anomalies ?
Merci encore pour l'énorme coup de main.
0
Réponse 17 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
que pense tu de virer Mcafee au profit de bitdefender ?

oui c'est une bonne idée

_____________

ceci bizarre:

c:\users\SEB\ntuser.dat{7b37abcf-d9b0-11dd-96e4-00215d9b8218}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

peux tu créer un nouveau compte utilisateur et virer celui que tu as actuellement?
0
vae victis
 
ça veut dire créer un nouveau compte, le passer en administrateur, passer l'ancien compte en simple utilisateur, transferer tout la donnée sur le nouveau compte, et enfin supprimer l'ancien ?
Je ne prends pas le risque de perdre de données importantes en faisant ça ?
Si ça ne craint rien et que éventuellement tu connais une démarche plus simple et plus rapide, bien sûr, je peux faire ça.
0

Discussions similaires

FOTOSE (allemagne)
lix -
Yves -

13 réponses
ATTENTION : escroquerie à la carte bleue !!
dvrg -
dvrg -

80 réponses