No access to antivirus sites anymore

Solved
Make Tacos Not War -
 Anonymous user -
Hello,

For the past two or three days I have had no access to any antivirus site at all, and I don't know how to get out of this.
I've read quite a bit about Elibagla, HiJack, FindyKill, ComboFix or Malwarebytes, but I can't find a real procedure to follow to get myself out of this mess.

For now, I'm holding little old ladies captive at my place and burning them with cigarette butts to unwind, but I feel I'm going to crack soon.

Thanks for your help (do it at least out of respect for the unjustly tortured elderly)

Nino
Configuration: Windows XP
Firefox 3.5.2

31 replies

  1. Anonymous user
     
    Hello,

    Copy the text below:

    Driver::
    gaailca

    NetSvc::
    gaailca

    File::
    c:\windows\system32\hsyos.dll

    Folder::
    c:\program files\Winamp Toolbar
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    c:\documents and settings\All Users\Application Data\Winamp Toolbar

    Registry::
    [-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-


    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt

    Now drag the CFScript.txt file onto Combofix.exe like this:

    This will relaunch Combofix.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan has finished.

    After the restart, post the contents of the Combofix.txt report.

    If there is no restart, post the report anyway.

    1
  2. Narco!4 Posts 2446 Status Contributor 467
     
    Hello,

    download GenProc http://www.genproc.com/GenProc.exe

    double-click GenProc.exe and post the contents of the report that opens
    0
  3. Make Tacos Not War
     
    OK, I'll try. Safe mode?
    0
  4. Narco!4 Posts 2446 Status Contributor 467
     
    no
    0
  6. Make Tacos Not War
     
    For 5 minutes now the screen has been saying that a test will take between 30 seconds and a minute and a half...
    0
  7. Make Tacos Not War
     
    The computer froze. I'm trying again.
    0
  8. Make Tacos Not War
     
    OK, here is the report.

    Rapport GenProc 2.623 [2] - 07/09/2009 à 23:13:24
    @ Windows XP Service Pack 3 - Mode normal
    @ Mozilla Firefox (3.5.2) [Navigateur par défaut]

    ~~ CM DISK ERROR ~~

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
    - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
    C:\Program Files\EsetOnlineScanner\log.txt

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:14:34, on 07/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cmd.exe
    C:\GenProc\outil\Nino Cioli_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    0
  9. Narco!4 Posts 2446 Status Contributor 467
     
    - Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
    - Double-click combofix.exe and follow the instructions.
    - Install the Recovery Console if offered and continue.
    - When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    0
  10. Make Tacos Not War
     
    OK, it's done. Here is the result.

    ComboFix 09-09-06.06 - Nino Cioli 07/09/2009 23:30.3.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.586 [GMT 2:00]
    Running from: c:\documents and settings\Nino Cioli\Bureau\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\InfoSat.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
    .

    2009-09-07 20:58 . 2009-09-07 21:13 -------- d-----w- C:\GenProc
    2009-09-04 15:51 . 2009-09-04 15:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Malwarebytes
    2009-09-04 15:50 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-04 15:50 . 2009-09-04 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-04 15:50 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 15:01 . 2009-09-07 14:55 -------- d-----w- C:\FindyKill
    2009-09-03 22:55 . 2009-09-03 22:57 -------- d-----w- c:\windows\avxoscan
    2009-09-03 22:51 . 2009-09-03 22:51 -------- d-----w- c:\windows\BDOSCAN8
    2009-09-03 22:49 . 2009-09-03 22:49 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Winamp Toolbar
    2009-09-03 11:59 . 2009-09-04 10:14 -------- d-----w- c:\program files\C4U
    2009-09-03 11:59 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
    2009-09-03 11:59 . 2009-09-03 11:59 -------- d-----w- c:\documents and settings\Nino Cioli\WINDOWS
    2009-08-31 16:44 . 2009-08-31 16:44 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\dvdcss
    2009-08-31 16:44 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\vlc
    2009-08-31 16:43 . 2009-08-31 16:43 -------- d-----w- c:\program files\VideoLAN
    2009-08-21 08:43 . 2009-08-21 08:43 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Identities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-07 21:13 . 2009-05-12 21:31 76482 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-07 21:13 . 2009-05-12 21:31 468608 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-07 13:28 . 2009-09-07 13:23 -------- d-----w- c:\program files\SpywareGuard
    2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-08-31 16:28 . 2009-07-28 21:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Winamp
    2009-08-27 09:46 . 2009-05-12 20:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2009-08-07 13:13 . 2009-08-07 13:01 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Apple Computer
    2009-08-07 13:03 . 2009-08-07 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iTunes
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iPod
    2009-08-07 13:00 . 2009-08-07 12:58 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\Bonjour
    2009-08-07 13:00 . 2009-08-07 12:59 -------- d-----w- c:\program files\QuickTime
    2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\program files\Apple Software Update
    2009-07-31 19:15 . 2009-07-31 19:15 -------- d-----w- c:\program files\MSXML 4.0
    2009-07-31 17:26 . 2009-07-31 17:25 -------- d-----w- c:\program files\ZC2.10
    2009-07-29 10:41 . 2009-07-28 13:57 -------- d-----w- c:\program files\lg_fwupdate
    2009-07-28 21:53 . 2009-07-28 21:51 -------- d-----w- c:\program files\Winamp
    2009-07-28 21:52 . 2009-07-28 21:52 -------- d-----w- c:\program files\Winamp Toolbar
    2009-07-28 21:52 . 2009-07-28 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
    2009-07-28 14:01 . 2009-05-12 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-28 14:00 . 2009-07-28 13:45 -------- d-----w- c:\program files\CyberLink
    2009-07-28 13:59 . 2009-07-28 13:54 -------- d-----w- c:\program files\Fichiers communs\Nero
    2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\program files\Nero
    2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-07-28 13:48 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
    2009-07-28 13:46 . 2009-07-28 13:46 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\CyberLink
    2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-07-27 14:19 . 2009-07-27 14:19 0 ----a-w- c:\windows\nsreg.dat
    2009-07-09 10:16 . 2009-08-07 12:59 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-09 10:16 . 2009-08-07 12:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-29 15:57 . 2009-05-12 21:31 827392 ------w- c:\windows\system32\wininet.dll
    2009-06-29 15:57 . 2009-05-12 21:31 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 15:57 . 2009-05-12 21:31 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-16 14:40 . 2009-05-12 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:40 . 2009-05-12 21:31 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-03-21 14:07 . 2009-05-12 21:31 170505 --sha-r- c:\windows\system32\hsyos.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-04_15.42.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-12 21:31 . 2009-09-07 21:13 62934 c:\windows\system32\perfc009.dat
    - 2009-05-12 21:31 . 2009-09-04 15:35 62934 c:\windows\system32\perfc009.dat
    + 2009-09-04 16:31 . 2009-09-04 16:31 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2009-09-07 14:30 . 2009-09-07 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    - 2009-05-12 21:31 . 2009-09-04 15:35 401272 c:\windows\system32\perfh009.dat
    + 2009-05-12 21:31 . 2009-09-07 21:13 401272 c:\windows\system32\perfh009.dat
    + 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2009-09-04 16:31 . 2009-09-04 16:31 1232896 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2009-09-07 14:30 . 2009-09-07 14:30 1232896 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 15:39 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
    "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-04-07 210216]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Nino Cioli\Menu D‚marrer\Programmes\D‚marrage\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-12 376832]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2432:TCP"= 2432:TCP:yxavcvq

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:58 55152]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [28/02/2008 17:39 53032]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [12/05/2009 22:08 10752]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 03:59 38912]
    S2 gaailca;Driver Support;c:\windows\system32\svchost.exe -k netsvcs [12/05/2009 23:31 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/05/2009 22:04 1684736]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/05/2009 22:06 966912]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/05/2009 23:14 232872]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 07:47 39040]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    gaailca
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eeepc.asus.com/global
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Nino Cioli\Application Data\Mozilla\Firefox\Profiles\l3r2ppwg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-07 23:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaailca]
    "ServiceDll"="c:\windows\system32\hsyos.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-09-07 23:37
    ComboFix-quarantined-files.txt 2009-09-07 21:37
    ComboFix2.txt 2009-09-07 14:24
    ComboFix3.txt 2009-09-04 15:44

    Pre-Run: 67 020 992 512 octets libres
    Post-Run: 66 991 054 848 octets libres

    198 --- E O F --- 2009-07-31 19:16
    0
  11. Narco!4 Posts 2446 Status Contributor 467
     
    which forum are you coming from?
    0
  12. Make Tacos Not War
     
    I picked up info from all over the place. Why? There's no hope left, is that it?
    0
  13. Narco!4 Posts 2446 Status Contributor 467
     
    There's no hope left, is that it?

    with me, no
    0
  14. Make Tacos Not War
     
    Why? Is there really nothing left I can try apart from sticking a little Jesus on the computer?
    0
  15. BESOIN-D-AIDE-ME-VOILA Posts 15 Status Member 13
     
    So, did you catch the virus after downloading a keygen? If that's the case, all you can do is format. I've been through it myself; the moral of the story is that after formatting, my motherboard burned out. Coincidence or not, I was punished by the law of peer-to-peer, so now I buy. It's a pain in the a..., but at least no more viruses.
    0
  16. Make Tacos Not War
     
    I'm not going to play the innocent lamb. It's clear I can't have picked up only Microsoft-certified stuff...
    So OK, it's not right, and I'm ready to walk barefoot over hot coals, but there must be a suitable solution other than the purification of my soul...

    Please, help me. I remind you that I'm holding old ladies hostage!
    0
  17. BESOIN-D-AIDE-ME-VOILA Posts 15 Status Member 13
     
    If need be, make a copy of your important files and format. Personally, I tested at least 40 antivirus programs, no exaggeration. The virus is Beagle, I think; look it up on Google. At least after formatting you're in the clear and you start again on a sound footing. Good luck in your fight against the little b.. who put viruses everywhere.
    0
  18. Make Tacos Not War
     
    OK, I'll try your thing, which really freaks me out. I'll keep you posted.
    0
  19. Make Tacos Not War
     
    Here's the report.

    ComboFix 09-09-06.06 - Nino Cioli 08/09/2009 0:56.4.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.635 [GMT 2:00]
    Running from: c:\documents and settings\Nino Cioli\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\Nino Cioli\Bureau\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\system32\hsyos.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\GEARAspiWDM.inf
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\gearaspiwdmx86.cat
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    c:\documents and settings\All Users\Application Data\Winamp Toolbar
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alert.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.css
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\defaultButtons.xml
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\searchedit.bmp
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_left.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_left_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_right.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_right_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_buy.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_buy_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_enqall_off.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_enqall_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_info.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_info_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_play.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_play_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playall_off.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playall_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playlist.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playlist_on.jpg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\qap.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.css
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\staf.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\staf.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\about.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton_confirm.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addsearch.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\ani_media_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blocker.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_over_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_over_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\branding.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_movedowndisabled.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_movedowndown.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_movedownover.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_movedownup.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_moveupdisabled.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_moveupdown.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_moveupover.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_moveupup.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_nextdown.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_nextover.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_nextup.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_prevdown.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_prevover.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\button_prevup.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\buttonManager.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\buttons.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\buttons_frame.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\clearprints.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\clearprints_confirm.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\content.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\content_header01.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\content_header02.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\custom_button.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\custombutton.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\customize_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\defaultsearch.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\disabled_input_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\disabled_input_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\dot.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\dropcustombutton.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\firsttimepage.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\footprints.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\footprints_frame.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\general_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_down_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_down_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_normal_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_normal_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_over_1.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\green_input_over_2.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\latest.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\metrics.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\olderversion.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\options_frame.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_left.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_right.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_tile.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_left_tile.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_right_tile.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_bot.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_large.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_bot.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_large.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_tile.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popup_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popups_frame.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popups_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\preferences.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\preferences.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\privacy_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\renamecustombutton.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\resettoolbar.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search.js
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search_frame.htm
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search_icon.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabActive.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabNormal.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabOver.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_bg.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_bottom.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_left.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_top.gif
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\stylesheet.css
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\winamptb.cfg
    c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
    c:\program files\Winamp Toolbar
    c:\program files\Winamp Toolbar\apopup.dll
    c:\program files\Winamp Toolbar\install.log
    c:\program files\Winamp Toolbar\msvcr71.dll
    c:\program files\Winamp Toolbar\uninstall.exe
    c:\program files\Winamp Toolbar\winamptb.dll
    c:\program files\Winamp Toolbar\winampTbServer.exe
    c:\program files\Winamp Toolbar\winamptbServerPS.dll
    c:\program files\Winamp Toolbar\xprt5.dll
    c:\windows\system32\hsyos.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GAAILCA
    -------\Service_gaailca

    ((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
    .

    2009-09-07 20:58 . 2009-09-07 21:13 -------- d-----w- C:\GenProc
    2009-09-04 15:51 . 2009-09-04 15:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Malwarebytes
    2009-09-04 15:50 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-04 15:50 . 2009-09-04 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-04 15:50 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 15:01 . 2009-09-07 14:55 -------- d-----w- C:\FindyKill
    2009-09-03 22:55 . 2009-09-03 22:57 -------- d-----w- c:\windows\avxoscan
    2009-09-03 22:51 . 2009-09-03 22:51 -------- d-----w- c:\windows\BDOSCAN8
    2009-09-03 22:49 . 2009-09-03 22:49 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Winamp Toolbar
    2009-09-03 11:59 . 2009-09-04 10:14 -------- d-----w- c:\program files\C4U
    2009-09-03 11:59 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
    2009-09-03 11:59 . 2009-09-03 11:59 -------- d-----w- c:\documents and settings\Nino Cioli\WINDOWS
    2009-08-31 16:44 . 2009-08-31 16:44 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\dvdcss
    2009-08-31 16:44 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\vlc
    2009-08-31 16:43 . 2009-08-31 16:43 -------- d-----w- c:\program files\VideoLAN
    2009-08-21 08:43 . 2009-08-21 08:43 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Identities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-07 22:47 . 2009-05-12 21:31 76482 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-07 22:47 . 2009-05-12 21:31 468608 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-07 13:28 . 2009-09-07 13:23 -------- d-----w- c:\program files\SpywareGuard
    2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-08-31 16:28 . 2009-07-28 21:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Winamp
    2009-08-27 09:46 . 2009-05-12 20:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2009-08-07 13:13 . 2009-08-07 13:01 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Apple Computer
    2009-08-07 13:03 . 2009-08-07 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iTunes
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iPod
    2009-08-07 13:00 . 2009-08-07 12:58 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\Bonjour
    2009-08-07 13:00 . 2009-08-07 12:59 -------- d-----w- c:\program files\QuickTime
    2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\program files\Apple Software Update
    2009-07-31 19:15 . 2009-07-31 19:15 -------- d-----w- c:\program files\MSXML 4.0
    2009-07-31 17:26 . 2009-07-31 17:25 -------- d-----w- c:\program files\ZC2.10
    2009-07-29 10:41 . 2009-07-28 13:57 -------- d-----w- c:\program files\lg_fwupdate
    2009-07-28 21:53 . 2009-07-28 21:51 -------- d-----w- c:\program files\Winamp
    2009-07-28 14:01 . 2009-05-12 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-28 14:00 . 2009-07-28 13:45 -------- d-----w- c:\program files\CyberLink
    2009-07-28 13:59 . 2009-07-28 13:54 -------- d-----w- c:\program files\Fichiers communs\Nero
    2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\program files\Nero
    2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-07-28 13:48 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
    2009-07-28 13:46 . 2009-07-28 13:46 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\CyberLink
    2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-07-27 14:19 . 2009-07-27 14:19 0 ----a-w- c:\windows\nsreg.dat
    2009-07-09 10:16 . 2009-08-07 12:59 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-09 10:16 . 2009-08-07 12:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-29 15:57 . 2009-05-12 21:31 827392 ------w- c:\windows\system32\wininet.dll
    2009-06-29 15:57 . 2009-05-12 21:31 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 15:57 . 2009-05-12 21:31 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-16 14:40 . 2009-05-12 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:40 . 2009-05-12 21:31 81920 ----a-w- c:\windows\system32\fontsub.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-04_15.42.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-12 21:31 . 2009-09-07 22:47 62934 c:\windows\system32\perfc009.dat
    - 2009-05-12 21:31 . 2009-09-04 15:35 62934 c:\windows\system32\perfc009.dat
    + 2009-09-04 16:31 . 2009-09-04 16:31 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2009-09-07 14:30 . 2009-09-07 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    - 2009-05-12 21:31 . 2009-09-04 15:35 401272 c:\windows\system32\perfh009.dat
    + 2009-05-12 21:31 . 2009-09-07 22:47 401272 c:\windows\system32\perfh009.dat
    + 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2009-09-04 16:31 . 2009-09-04 16:31 1232896 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2009-09-07 14:30 . 2009-09-07 14:30 1232896 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 15:39 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
    "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-04-07 210216]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Nino Cioli\Menu Démarrer\Programmes\Démarrage\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-12 376832]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2432:TCP"= 2432:TCP:yxavcvq

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:58 55152]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [28/02/2008 17:39 53032]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [12/05/2009 22:08 10752]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 03:59 38912]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/05/2009 22:04 1684736]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/05/2009 22:06 966912]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/05/2009 23:14 232872]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 07:47 39040]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eeepc.asus.com/global
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Nino Cioli\Application Data\Mozilla\Firefox\Profiles\l3r2ppwg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-08 01:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'explorer.exe'(2216)
    c:\program files\Nero\Nero8\InCD\NBHShx.dll
    c:\program files\Nero\Nero8\InCD\NBHStr.dll
    c:\program files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Nero\Nero8\InCD\InCDsrv.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\program files\SpywareGuard\sgbhp.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-07 1:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-07 23:07
    ComboFix2.txt 2009-09-07 21:37
    ComboFix3.txt 2009-09-07 14:24
    ComboFix4.txt 2009-09-04 15:44

    Pre-Run: 66 976 440 320 octets libres
    Post-Run: 66 875 072 512 octets libres

    357 --- E O F --- 2009-07-31 19:16
    0
  20. Make Tacos Not War
     
    I don't know whether everything is fixed, but I can already thank you for restoring access to the antivirus sites. Anything to do to check that everything is OK? An antivirus to download?
    0
  21. Anonymous user
     
    You should have access to the antivirus sites again; can you confirm?
    0