Virus tr/patched.gen

Closed
balance721 - 5 Dec 2009 at 11:01
 Anonymous user - 5 Dec 2009 at 14:54
Hello,
Since yesterday I have been infected by this virus. I put it in quarantine with Avira but it keeps coming back. I don't understand any of it. If you could help me, thank you.

15 replies

Anonymous user
5 Dec 2009 at 14:54
Switch to MBAM and post its report.
1
Anonymous user
5 Dec 2009 at 11:05
Hello,
Can you copy and paste the latest Avira report here?
0
Avira AntiVir Personal
Report file date: samedi 5 décembre 2009 08:07

Scanning for 1417505 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FABIENNE-QB6E8N

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 08/11/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 06:56:27
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 06:56:27
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 06:56:27
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 06:56:27
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 06:56:27
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 06:56:27
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 06:56:27
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 06:56:28
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 06:56:28
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 06:56:28
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 06:56:28
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 06:56:28
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 06:56:29
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 06:56:30
VBASE015.VDF : 7.10.1.129 2048 Bytes 30/11/2009 06:56:30
VBASE016.VDF : 7.10.1.130 2048 Bytes 30/11/2009 06:56:30
VBASE017.VDF : 7.10.1.131 2048 Bytes 30/11/2009 06:56:31
VBASE018.VDF : 7.10.1.132 2048 Bytes 30/11/2009 06:56:31
VBASE019.VDF : 7.10.1.133 2048 Bytes 30/11/2009 06:56:31
VBASE020.VDF : 7.10.1.134 2048 Bytes 30/11/2009 06:56:31
VBASE021.VDF : 7.10.1.135 2048 Bytes 30/11/2009 06:56:31
VBASE022.VDF : 7.10.1.136 2048 Bytes 30/11/2009 06:56:31
VBASE023.VDF : 7.10.1.137 2048 Bytes 30/11/2009 06:56:31
VBASE024.VDF : 7.10.1.138 2048 Bytes 30/11/2009 06:56:31
VBASE025.VDF : 7.10.1.139 2048 Bytes 30/11/2009 06:56:31
VBASE026.VDF : 7.10.1.140 2048 Bytes 30/11/2009 06:56:31
VBASE027.VDF : 7.10.1.141 2048 Bytes 30/11/2009 06:56:31
VBASE028.VDF : 7.10.1.142 2048 Bytes 30/11/2009 06:56:32
VBASE029.VDF : 7.10.1.143 2048 Bytes 30/11/2009 06:56:32
VBASE030.VDF : 7.10.1.144 2048 Bytes 30/11/2009 06:56:32
VBASE031.VDF : 7.10.1.169 148992 Bytes 04/12/2009 06:56:33
Engineversion : 8.2.1.92
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 05/12/2009 06:56:49
AESCN.DLL : 8.1.2.5 127346 Bytes 08/11/2009 06:38:46
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 05/12/2009 06:56:48
AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.184 2146681 Bytes 05/12/2009 06:56:41
AEHELP.DLL : 8.1.7.5 237942 Bytes 05/12/2009 06:56:35
AEGEN.DLL : 8.1.1.78 364917 Bytes 05/12/2009 06:56:34
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
AECORE.DLL : 8.1.8.5 180598 Bytes 05/12/2009 06:56:33
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: f:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: samedi 5 décembre 2009 08:07

Starting search for hidden objects.
'124943' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'c.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msd.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'NetworkLicenseServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\lsass.exe'
Scan process 'services.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\services.exe'
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Module is infected -> 'F:\WINDOWS\system32\winlogon.exe'
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'F:\' <disque local>
F:\Documents and Settings\fabienne\jwnhgmy.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Tofsee.F.7 back-door program

Beginning disinfection:
F:\Documents and Settings\fabienne\jwnhgmy.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Tofsee.F.7 back-door program
[NOTE] The file was moved to '4b881af9.qua'!


End of the scan: samedi 5 décembre 2009 09:32
Used time: 1:24:06 Hour(s)

The scan has been canceled!

5761 Scanned directories
81340 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
81329 Files not concerned
178 Archives were scanned
0 Warnings
1 Notes
124943 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Thanks for helping me. While I was sending you the report, the Avira alert opened at least 10 times; it's annoying.
0

Anonymous user
5 Dec 2009 at 11:18
OK, follow this:
• Download random's system information tool (RSIT) and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe

Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
Double-click RSIT.exe to launch the tool.
Click 'continue' on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports separately. They are located on C:
(log.txt & info.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
I'll do it right away.
0
I only have one report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by fabienne at 2009-12-05 11:23:47
Microsoft Windows XP Professionnel Service Pack 3
System drive F: has 209 GB (55%) free of 382 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:02, on 18/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\sessmgr.exe
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\System32\svchost.exe
F:\Documents and Settings\fabienne\Bureau\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\fabienne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.23.88.182:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with Rapget - F:\Documents and Settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{39B6D9BF-E955-4572-BC24-734A402C5155}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3E13D8-6BA7-412E-8199-541A9DC9415E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{757F49BB-461E-451C-9260-1631B9F48FE2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D619C9-C964-47A5-B940-D770C55EDD53}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WMI ICMP Echo Provider (wmipicmp32) - Unknown owner - rundll32.exe (file missing)
0
Are you still there?
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by fabienne at 2009-12-05 11:21:56
Microsoft Windows XP Professionnel Service Pack 3
System drive F: has 209 GB (55%) free of 382 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:20, on 05/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Outlook Express\msimn.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Documents and Settings\fabienne\Bureau\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\fabienne.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\msb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.23.88.182:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ArcSoft Connection Service] F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [uvbqj] F:\WINDOWS\system32\uvbqj.exe \u
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NeoChronos] F:\DOCUME~1\fabienne\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [Astrocom] F:\DOCUME~1\fabienne\LOCALS~1\Temp\o.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "F:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with Rapget - F:\Documents and Settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec USDownloader - F:\Documents and Settings\fabienne\Bureau\USDownloader134\Ext\downloadie.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Royal Vegas Online Casino - 23E6F6A8-2254-4E81-9EF7-6B6CF042F09D - F:\Microgaming\Casino\RoyalVegas\Casinogame.exe (HKCU)
O9 - Extra button: Ruby Fortune Casino - 2D020FF1-6E9D-44F5-99F8-9253F8EA8923 - F:\Microgaming\Casino\RubyFortune\Casinogame.exe (HKCU)
O9 - Extra button: Grand Hotel Casino - 3C2877F6-EDFE-49D3-AA95-2F09A08F6BC8 - F:\Microgaming\Casino\GrandHotel\Casinogame.exe (HKCU)
O9 - Extra button: Golden Riviera Casino - 3CACEA8A-A752-4E62-95D9-60D5A4328E4A - F:\Microgaming\Casino\GoldenRiviera\Casinogame.exe (HKCU)
O9 - Extra button: Platinum Play Online Casino - 4FB19C40-8555-40CB-A34A-0D2FF6830E93 - F:\Microgaming\Casino\PlatinumPlay\Casinogame.exe (HKCU)
O9 - Extra button: All Slots Casino - 5A3AB5F4-2A52-4BEB-B096-29F57BB97B71 - F:\Microgaming\Casino\AllSlots\Casinogame.exe (HKCU)
O9 - Extra button: Roxy Palace Online Casino - 7420F289-8E52-49C3-978F-06F108BF2889 - F:\Microgaming\Casino\RoxyPalace\Casinogame.exe (HKCU)
O9 - Extra button: Lucky Emperor Casino - 8247476F-7D5A-4EC4-B19A-7761CFD25791 - F:\Microgaming\Casino\LuckyEmperor\Casinogame.exe (HKCU)
O9 - Extra button: Quatro Casino - 9BDC9694-A174-422C-A14B-3F67C411C998 - F:\Microgaming\Casino\QuatroCasino\Casinogame.exe (HKCU)
O9 - Extra button: Jackpot City Online Casino - CACF45CF-7A41-4008-B4E2-65ED278E82B9 - F:\Microgaming\Casino\JackpotCity\Casinogame.exe (HKCU)
O9 - Extra button: All Jackpots - D744AE09-D459-4FE8-B2BA-247867EA6896 - F:\Microgaming\Casino\alljackpots\Casinogame.exe (HKCU)
O9 - Extra button: Casino Action - F69FFB33-48ED-4056-B750-9C7661BAB210 - F:\Microgaming\Casino\CasinoAction\Casinogame.exe (HKCU)
O9 - Extra button: Mummys Gold Casino - FF66DCD2-4BA2-4A83-86D6-C98410EF3085 - F:\Microgaming\Casino\MummysGoldCasino\Casinogame.exe (HKCU)
O9 - Extra button: The Gaming Club - {7077EC3C-14A6-4F48-B459-AC94C37F5D11} - F:\Microgaming\Casino\GamingClub\casinogame.exe (HKCU)
O9 - Extra button: Golden Tiger Casino - {A330BAAC-492A-4BED-849D-E60B9F67AF8E} - F:\Microgaming\Casino\GoldenTiger\casinogame.exe (HKCU)
O9 - Extra button: Spin Palace Casino - {B1BF4709-D3F0-4730-A97F-AD2248E5D23F} - F:\Microgaming\Casino\SpinPalace\casinogame.exe (HKCU)
O9 - Extra button: Villento - {ED10D053-C206-4244-A163-AFC159B31BBE} - F:\Microgaming\Casino\Villento\casinogame.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{39B6D9BF-E955-4572-BC24-734A402C5155}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3E13D8-6BA7-412E-8199-541A9DC9415E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{757F49BB-461E-451C-9260-1631B9F48FE2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D619C9-C964-47A5-B940-D770C55EDD53}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0AF770-E6E1-4B6D-BE94-89907BCDE928}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - F:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: CryptSvc - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Configuration automatique de réseau câblé (Dot3svc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Service Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe
O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Service Google Update (gupdate1ca2489aab2376a) (gupdate1ca2489aab2376a) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Aide et support (helpsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Service Gestion des clés et des certificats d'intégrité (hkmsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Agent de protection d'accès réseau (napagent) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - F:\WINDOWS\system32\lsass.exe
O23 - Service: Connexions réseau (Netman) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - F:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - F:\WINDOWS\system32\lsass.exe
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - F:\WINDOWS\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - F:\WINDOWS\system32\lsass.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - F:\WINDOWS\system32\lsass.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Notification d'événement système (SENS) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de restauration système (srservice) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: SSHNAS - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Services Terminal Server (TermService) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Thèmes (Themes) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: WMI ICMP Echo Provider (wmipicmp32) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - F:\WINDOWS\system32\svchost.exe
O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - F:\WINDOWS\System32\svchost.exe
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - F:\WINDOWS\System32\svchost.exe
0
Anonymous user
Dec 5, 2009 at 12:21
you are infected by a worm :-(

• Search mode:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

Download list&Killem.zip and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
Use a program to unzip the compressed file.
Run the file Killem.exe.
It does not require installation
double-click (right-click "run as administrator" on Vista) to start the scan
choose the language, then choose option 1 = Search mode
let the tool work
the report will be displayed once the scan has finished
paste its contents on a specialized forum
0
ok, I'm doing it
0
it's stuck on "test rootkits", is that normal
0
Anonymous user
Dec 5, 2009 at 13:29
ok, we'll do it another way :-)

• /!\ Warning:
This software is to be used only when prescribed by a qualified helper trained in the tool.
Do not use it outside of that situation: dangerous!


Download ComboFix from this link:
https://forospyware.com
or here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Read this:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
And, importantly, save it to the desktop.
Before using ComboFix:
► Disconnect from the internet and close the windows of all running programs.
► Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analyzing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)
► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

If that doesn't work, remove ComboFix from your desktop and download jacombo from this link; it is ComboFix renamed, which makes it possible to counter certain infections. Put it on your desktop and follow the explanations given in the ComboFix procedure
http://sd-1.archive-host.com/membres/up/89820622056365782/jacombo.exe




• Download Malwarebytes' Anti-Malware:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

or here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. on the page, click Download Malwarebytes' Anti-Malware
. save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. if the firewall asks for permission for Malwarebytes to connect, accept
. Once the update has finished
. go to the Scanner tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.

. Malwarebytes will open Notepad and copy the scan report into it.
. go to the Logs tab
. click on it to display it; once it is displayed
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy, and come back to the forum and, in your reply
. right-click in the reply box and choose Paste
. At the end of the scan, MBAM may need to restart the PC to finish the removal, so don't panic!!!

If you need help, see this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


post the reports for me here on the forum, in your next messages
0
when I try to send the report it tells me that I have already sent this message
0
ComboFix 09-12-04.04 - fabienne 05/12/2009 14:19.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1657 [GMT 1:00]
Lancé depuis: f:\documents and settings\fabienne\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-05 au 2009-12-05 ))))))))))))))))))))))))))))))))))))
.

2009-12-05 11:47 . 2009-12-05 11:47 -------- d-----w- F:\Kill'em
2009-12-05 07:27 . 2009-06-30 08:37 28552 ----a-w- f:\windows\system32\drivers\pavboot.sys
2009-12-05 07:25 . 2009-12-05 07:25 -------- d-----w- f:\program files\Panda Security
2009-12-05 06:55 . 2009-07-28 14:33 55656 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-05 06:55 . 2009-03-30 08:33 96104 ----a-w- f:\windows\system32\drivers\avipbb.sys
2009-12-05 06:55 . 2009-02-13 10:29 22360 ----a-w- f:\windows\system32\drivers\avgntmgr.sys
2009-12-05 06:55 . 2009-02-13 10:17 45416 ----a-w- f:\windows\system32\drivers\avgntdd.sys
2009-12-05 06:55 . 2009-12-05 06:55 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
2009-12-04 09:12 . 2009-12-05 07:34 -------- d-----w- f:\documents and settings\fabienne\Application Data\DVD Profiler
2009-12-04 07:43 . 2009-12-05 07:34 -------- d-----w- f:\program files\DVD Profiler
2009-12-03 14:22 . 2009-12-03 14:22 520192 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummyxxx.601531cc99c91a77f35e0800b60d912d.dll
2009-12-03 14:22 . 2009-12-03 14:22 614400 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummyplugin.efd1da25ceb79224e214006804f35d0e.dll
2009-12-03 14:22 . 2009-12-03 14:22 221184 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummystatsplugin.cb2b732d7e1168de937cf95242815aad.dll
2009-12-03 14:22 . 2009-12-03 14:22 1486848 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
2009-12-03 14:22 . 2009-12-03 14:22 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
2009-12-03 14:22 . 2009-12-03 14:22 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
2009-12-03 14:22 . 2009-12-03 14:22 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
2009-12-03 14:20 . 2009-12-03 14:20 868352 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\d\draganddropbonus_scrooge.62dccf0a4e9a1df28a3ba199cf29a2f3.dll
2009-12-03 14:20 . 2009-12-03 14:20 835584 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\visibleareapickxofybonus_scrooge.cf8bcd9270ebde8f01d0eb78d3a7c654.dll
2009-12-03 14:20 . 2009-12-03 14:20 1552384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_scrooge.08da86f5359e1f4fa3c3179dc0c390bb.dll
2009-12-03 14:20 . 2009-12-03 14:20 1060864 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_scrooge.594456c7753ff164fbec07e35ec06a41.dll
2009-12-03 14:20 . 2009-12-03 14:20 684032 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_scrooge.bc6efdb0b076347754d1b5440065fba2.dll
2009-12-03 14:15 . 2009-12-03 14:15 1052672 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tribaltreasure.c6b2bdd41fd192f3b0951fc8f6c187c2.dll
2009-12-03 14:15 . 2009-12-03 14:15 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tribaltreasure.3012fbe9c0650124d3c8c14a88df10de.dll
2009-12-03 14:15 . 2009-12-03 14:15 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble_tribaltreasure.5c9d5fb24b5cdd860de84ae37fc6ca9e.dll
2009-12-03 14:15 . 2009-12-03 14:15 1499136 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tribaltreasure.879148744397022e46f87429a6b114e6.dll
2009-12-03 13:36 . 2009-12-03 13:50 -------- d-----w- f:\documents and settings\fabienne\Application Data\CasinoOnNet
2009-12-03 13:36 . 2009-12-03 13:45 -------- d-----w- f:\program files\CasinoOnNet
2009-12-01 09:18 . 2009-12-01 09:18 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.b2d66e3fd98795f022471c120346822f.dll
2009-11-25 07:30 . 2009-11-25 07:30 -------- d-----w- f:\documents and settings\fabienne\Application Data\LivingActor
2009-11-25 07:30 . 2009-11-25 07:30 -------- d-----w- f:\program files\LivingActor
2009-11-25 07:23 . 2009-11-25 07:23 -------- d-----w- f:\program files\OPPBTP
2009-11-23 09:34 . 2009-11-23 09:44 -------- d-----w- f:\documents and settings\fabienne\Application Data\Epson
2009-11-23 09:19 . 2009-11-23 09:21 -------- d-----w- f:\program files\Epson Software
2009-11-23 09:19 . 2009-11-23 09:19 -------- d-----w- f:\documents and settings\fabienne\Local Settings\Application Data\ArcSoft
2009-11-23 09:18 . 2009-11-23 10:17 -------- d-----w- f:\program files\ABBYY FineReader 6.0 Sprint
2009-11-23 09:18 . 2009-11-23 09:18 -------- d-----w- f:\documents and settings\All Users\Application Data\ArcSoft
2009-11-23 09:18 . 2006-11-10 14:05 18688 ----a-w- f:\windows\system32\drivers\afc.sys
2009-11-23 09:17 . 2009-11-23 09:18 -------- d-----w- f:\program files\Fichiers communs\ArcSoft
2009-11-23 09:17 . 2009-11-23 09:17 -------- d-----w- f:\program files\ArcSoft
2009-11-23 09:13 . 2008-06-18 23:00 65793 ----a-w- f:\windows\system32\esfw8b.bin
2009-11-23 09:13 . 2008-06-18 23:00 204800 ----a-w- f:\windows\system32\esint8b.dll
2009-11-23 09:13 . 2007-12-27 23:00 73216 ----a-w- f:\windows\system32\eswia8b.dll
2009-11-23 09:13 . 2006-08-25 00:00 9216 ----a-w- f:\windows\system32\escdev.dll
2009-11-23 09:13 . 2006-03-09 23:00 3584 ----a-w- f:\windows\system32\eswiaml.dll
2009-11-23 09:13 . 2009-11-23 09:15 -------- d-----w- f:\program files\epson
2009-11-21 14:56 . 2007-10-29 17:25 372736 ----a-r- f:\windows\system32\hppldcoi.dll
2009-11-21 14:56 . 2007-10-29 17:25 309760 ----a-r- f:\windows\system32\difxapi.dll
2009-11-21 14:56 . 2007-10-29 17:11 303104 ----a-r- f:\windows\system32\hpovst15.dll
2009-11-21 14:56 . 2007-10-29 17:11 581632 ----a-r- f:\windows\system32\hpotscl6.dll
2009-11-21 14:56 . 2007-10-29 17:11 729088 ----a-r- f:\windows\system32\hpowiax7.dll
2009-11-21 14:54 . 2009-11-21 16:35 178233 ----a-w- f:\windows\hpoins27.dat
2009-11-21 14:54 . 2008-01-17 23:56 932 ------w- f:\windows\hpomdl27.dat
2009-11-21 14:54 . 2009-11-21 14:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-11-21 14:53 . 2007-10-20 17:25 117760 ----a-w- f:\windows\system32\hpzll5mu.dll
2009-11-21 14:53 . 2007-10-20 17:21 278016 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-11-19 09:15 . 2009-11-19 09:15 290922 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\mpvcommunityslotsplugin.5754aaa94ce09bd30bcf3e6854410489.dll
2009-11-19 09:15 . 2009-11-19 09:15 262252 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wheelofwealthbonusplugin.6c0e321acbcdf9cd162f9ebd5bdd2a49.dll
2009-11-19 09:15 . 2009-11-19 09:15 282699 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\slotxxx.67f1296c5da24efba618b3ba72a7499e.dll
2009-11-19 09:15 . 2009-11-19 09:15 110674 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\slotdialogs.4fdea635d4a6cfd9eb1ead9aa5fa182b.dll
2009-11-19 09:15 . 2009-11-19 09:15 98390 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\singleobjects.0d588bfc081a33b0dd55ea51043fd805.dll
2009-11-19 09:15 . 2009-11-19 09:15 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.7420859633d968af6cd344ca3ce93d87.dll
2009-11-16 14:37 . 2009-11-27 14:47 -------- d-----w- f:\program files\TraditionCasino
2009-11-09 17:45 . 2009-11-10 19:09 43520 ----a-w- f:\windows\system32\CmdLineExt03.dll
2009-11-09 17:45 . 2003-03-15 23:15 90112 ----a-w- f:\windows\unvise32.exe
2009-11-09 17:40 . 2009-11-09 17:45 -------- d-----w- f:\program files\SoldnerSecretWars
2009-11-06 10:15 . 2009-11-06 10:15 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
2009-11-06 10:15 . 2009-11-06 10:15 1474560 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
2009-11-06 10:15 . 2009-11-06 10:15 921600 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
2009-11-06 10:15 . 2009-11-06 10:15 897024 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
2009-11-06 10:15 . 2009-11-06 10:15 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
2009-11-06 10:15 . 2009-11-06 10:15 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
2009-11-06 09:52 . 2009-11-06 09:52 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.8910ba755486798caf455d75c4b740cc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 12:34 . 2008-04-09 12:08 29 ----a-w- f:\windows\popcinfo.dat
2009-12-05 12:34 . 2008-08-07 15:03 -------- d-----w- f:\program files\userdata
2009-12-05 10:24 . 2003-12-17 16:03 7168 --sha-w- f:\program files\Thumbs.db
2009-12-05 09:53 . 2009-09-08 13:48 -------- d-----w- f:\program files\Universal Share Downloader
2009-12-05 09:27 . 2008-05-26 13:41 -------- d-----w- f:\program files\Avira
2009-12-05 07:14 . 2009-06-10 13:12 117760 ----a-w- f:\documents and settings\fabienne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-05 06:41 . 2008-03-04 13:11 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-04 18:03 . 2007-12-28 20:59 -------- d-----w- f:\documents and settings\All Users\Application Data\Google Updater
2009-12-04 14:21 . 2008-01-08 09:25 -------- d-----w- f:\documents and settings\fabienne\Application Data\dvdcss
2009-12-04 10:53 . 2008-01-25 08:51 -------- d-----w- f:\program files\eMule
2009-11-28 13:27 . 2008-02-26 19:01 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2009-11-23 09:24 . 2007-12-28 19:21 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-11-12 15:03 . 2009-08-27 15:50 -------- d-----w- f:\program files\Scratch2Cash
2009-11-03 08:07 . 2009-11-03 08:07 -------- d-----w- f:\documents and settings\fabienne\Application Data\ImgBurn
2009-11-03 07:07 . 2009-11-03 07:07 -------- d-----w- f:\program files\ImgBurn
2009-10-28 07:21 . 2009-10-28 07:23 102664 ----a-w- f:\windows\system32\drivers\tmcomm.sys
2009-10-28 06:51 . 2008-01-13 08:14 -------- d-----w- f:\program files\Fichiers communs\Adobe
2009-10-26 06:36 . 2001-08-28 14:00 572442 ----a-w- f:\windows\system32\perfh00C.dat
2009-10-26 06:36 . 2001-08-28 14:00 110658 ----a-w- f:\windows\system32\perfc00C.dat
2009-10-24 15:35 . 2009-10-24 15:35 -------- d-----w- f:\documents and settings\fabienne\Application Data\Aisle 5 Games, Inc
2009-10-24 15:35 . 2008-04-10 17:54 -------- d-----w- f:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-10-24 15:33 . 2009-10-24 12:14 -------- d-----w- f:\program files\G.H.O.S.T. Chronicles - Le Fantome de la Foire de la Renaissance
2009-10-24 11:38 . 2009-10-24 11:38 -------- d-----w- f:\documents and settings\fabienne\Application Data\Games
2009-10-24 11:38 . 2009-10-24 10:25 -------- d-----w- f:\program files\Departement 42 - Le Mystere des Neuf
2009-10-24 11:35 . 2009-10-24 11:35 -------- d-----w- f:\program files\Strange Cases - Le Mystere des Cartes de Tarot
2009-10-24 11:00 . 2009-10-24 10:59 -------- d-----w- f:\program files\Princesse Isabella - Le Chateau Ensorcele
2009-10-24 10:09 . 2008-03-27 16:19 -------- d-----w- f:\program files\Zylom Games
2009-10-24 10:02 . 2008-03-27 16:43 -------- d-----w- f:\documents and settings\fabienne\Application Data\Zylom
2009-10-24 09:32 . 2009-10-24 09:32 -------- d-----w- f:\documents and settings\fabienne\Application Data\Gamenauts
2009-10-24 07:46 . 2008-10-25 11:39 -------- d-----w- f:\documents and settings\fabienne\Application Data\PlayFirst
2009-10-24 07:46 . 2008-10-25 11:39 -------- d-----w- f:\documents and settings\All Users\Application Data\PlayFirst
2009-10-24 07:38 . 2008-04-10 17:54 -------- d-----w- f:\program files\bfgclient
2009-10-23 09:46 . 2009-10-23 09:39 -------- d-----w- f:\program files\iNetBet Casino
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- f:\documents and settings\All Users\Application Data\IM
2009-10-15 11:30 . 2009-10-15 11:30 -------- d-----w- f:\documents and settings\All Users\Application Data\IncrediMail
2009-10-12 11:58 . 2009-10-12 11:58 1236992 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\k\kfm_kungfubonus.7648b1705a4c13b46555323f6f9957fe.dll
2009-10-10 09:07 . 2009-10-09 11:58 -------- d-----w- f:\program files\RaPiZ PSP Software
2009-10-10 08:02 . 2009-10-10 08:02 -------- d-----w- f:\program files\InterCasino France
2009-10-09 16:53 . 2009-10-09 16:53 544768 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerxxx.438143241fa4db3dec756421eaae9ed1.dll
2009-10-09 16:53 . 2009-10-09 16:53 221184 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerstatsplugin.182ee2e6a10bbd7802a16c2b9de95f08.dll
2009-10-09 16:53 . 2009-10-09 16:53 655360 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerplugin.c24ff1b97c271db3b9ac6babf39f8c38.dll
2009-10-09 16:23 . 2009-10-06 13:59 -------- d-----w- f:\program files\GfedEurofr2F
2009-10-09 16:16 . 2009-10-09 16:16 49152 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.64d4f0467e0e777ddfbb02e7544f98fa.dll
2009-10-09 16:16 . 2009-10-09 16:16 192512 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.af25beaa0378c2b2eaa341b7d8c64966.dll
2009-10-09 16:16 . 2009-10-09 16:16 98304 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.bd0995adc01c55d3f345d8fc81d6bf13.dll
2009-10-09 16:16 . 2009-10-09 16:16 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.85c5094e4412e0647ba5f7a72219a89d.dll
2009-10-09 16:16 . 2009-10-09 16:16 106496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.c622fc192c22f951a4bf27988c8c48e0.dll
2009-10-09 16:16 . 2009-10-09 16:16 126976 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.c4a60b718047a7230c1f7eb62e24ac16.dll
2009-10-09 13:08 . 2009-10-09 13:08 -------- d-----w- f:\program files\QuickMediaConverter
2009-10-09 12:09 . 2009-10-09 12:09 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll
2009-10-09 12:09 . 2009-10-09 12:09 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_octgao_09.ae6289cf11b05446123a7e16d97ef025.dll
2009-10-09 12:09 . 2009-10-09 12:09 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_octgao_09.b8c78bdbd5f2e8ca0e10a0e307926db4.dll
2009-10-09 12:09 . 2009-10-09 12:09 901120 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_octgao_09.8eb7dff6ab1c8166b7a83d669d6f1b7d.dll
2009-10-09 12:09 . 2009-10-09 12:09 1478656 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2009-10-09 11:54 . 2009-10-09 11:54 -------- d-----w- f:\documents and settings\fabienne\Application Data\Media Player Classic
2009-10-09 11:41 . 2009-10-09 11:41 135638 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_BC9DA1CE59E1210ACC2505.exe
2009-10-09 11:41 . 2009-10-09 11:41 135638 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_29345B4F8542FEEE7B2FFE.exe
2009-10-09 11:41 . 2009-10-09 11:41 121915 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_01042A4EE960F203E989EB.exe
2009-10-09 11:41 . 2009-10-09 11:41 120577 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_6FEFF9B68218417F98F549.exe
2009-10-09 11:41 . 2009-10-09 11:41 10134 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_D6BF6439D6E1CD059814D5.exe
2009-10-09 11:41 . 2009-10-09 11:41 -------- d-----w- f:\program files\EdenSoftware
2009-10-09 11:30 . 2008-12-15 10:01 -------- d-----w- f:\program files\Red Kawa
2009-10-09 09:46 . 2007-12-29 08:25 -------- d-----w- f:\program files\K-Lite Codec Pack
2009-10-09 09:46 . 2008-12-15 10:01 -------- d-----w- f:\program files\AviSynth 2.5
2009-10-09 09:46 . 2009-10-09 09:46 -------- d-----w- f:\program files\AVN Products
2009-10-09 06:08 . 2008-12-15 13:12 -------- d-----w- f:\program files\WinAVI MP4 Converter
2009-10-08 18:29 . 2009-10-08 18:29 -------- d-----w- f:\documents and settings\fabienne\Application Data\Red Kawa
2009-10-08 17:23 . 2009-10-08 17:23 -------- d-----w- f:\documents and settings\fabienne\Application Data\ImTOO Software Studio
2009-10-02 15:54 . 2009-10-02 15:54 36926 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_reddog.17e4bed26b7398ee9c45c72ed478a759.dll
2009-10-02 15:53 . 2009-10-02 15:53 65536 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\sizzlingscorpionsbonus.b810fd9a6f22045661d97e29b7b598bb.dll
2009-10-02 15:53 . 2009-10-02 15:53 151552 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\sicbo.947b265d4f68e9c480664c57d59ab47c.dll
2009-09-30 12:18 . 2008-07-29 06:07 94992 ----a-w- f:\windows\system32\Vb5fr.dll
2009-09-30 12:18 . 2001-08-28 14:00 1334032 ----a-w- f:\windows\system32\Msvbvm50.dll
2009-09-29 07:50 . 2009-09-29 07:50 114822 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_progcyberstud.e038aa28085a77aa97b543eea1b2f3b9.dll
2009-09-29 07:50 . 2009-09-29 07:50 41013 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_cyberstud.1b8f431ce9dfe38861b98045dc7bc82c.dll
2009-09-29 07:48 . 2009-09-29 07:48 393216 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\f\flyingwitchbonus.178abae7811f3ce106a1068e2f8e83aa.dll
2009-09-29 07:47 . 2009-09-29 07:47 352256 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\spinningwandbonus.71b441eaf88d72b917384cc517583ca7.dll
2009-09-29 07:45 . 2009-09-29 07:45 348432 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearth.0a3ab3633f8df69ecc1bb0d848f47412.dll
2009-09-29 07:45 . 2009-09-29 07:45 352528 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthxxx.b1cc356ee36fb84ac5c9eca977aa894a.dll
2009-09-29 07:45 . 2009-09-29 07:45 250128 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthbonus.4a3c41468d5b693ba49db2c04b228a66.dll
2009-09-29 07:43 . 2009-09-29 07:43 1171456 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_stonebonus.884fe3f012cc21e9f4b94beccb344fe5.dll
2009-09-29 07:43 . 2009-09-29 07:43 1204224 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_bathbonus.eaf1477312e7ecb9b1c7aa0a26e6ac61.dll
2009-09-29 07:22 . 2009-09-29 07:22 1142784 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_bodywaxbonus.86b2e4bb4c8e68cbf84cdb6310c39218.dll
2009-09-29 07:19 . 2009-09-29 07:19 1290240 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_smoothiebonus.779ec9c8439f59a40852d4a998367c4f.dll
2009-09-29 07:18 . 2009-09-29 07:18 827392 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\playerinstantiatedchoosebonus.ceb25d7dda7b0effc207d3dec6e30288.dll
2009-09-29 07:14 . 2009-09-29 07:14 1196032 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_massagebonus.0e575cb178075b87da73199c7e3bdcc1.dll
2009-09-29 07:13 . 2009-09-29 07:13 221456 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegascrapsxxx.9260625f65eb4bc5b68e6b446a4be9ec.dll
2009-09-29 07:13 . 2009-09-29 07:13 110592 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegascraps.b5db027e00863192286f05af6c1d7fd0.dll
2009-09-29 07:12 . 2009-09-29 07:12 114688 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\u\usroulette.111677cc695657a0c9a392432a7a3d55.dll
2009-09-28 14:08 . 2009-09-28 14:08 286720 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\triplesevens.ea88c1daf2f35b92e00a6e671b7e9a0a.dll
2009-09-28 13:55 . 2009-09-28 13:55 499984 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\greatgalaxycasinobonus.55dde164a6c32cf7a5be1bb8e3746043.dll
2009-09-28 13:44 . 2009-09-28 13:44 700416 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus.07d287f25bba4ccba9ff2af0dedb4455.dll
2009-09-28 13:42 . 2009-09-28 13:42 380928 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus_tggg.e66cbfaf93bc06e345be6dacdf926516.dll
2009-09-28 13:12 . 2009-09-28 13:12 860160 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\scoopthecashbonus.bba34ca69d484ca056b3150cf3511c31.dll
2009-09-28 13:11 . 2009-09-28 13:11 131072 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\r\rouletteroyale.78fbb4e6860f34eb015928fa5c78c605.dll
2009-09-28 13:06 . 2009-09-28 13:06 245760 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pokerride.0e46f0612786991e4a026d6c70ac2e93.dll
2009-09-28 13:06 . 2009-09-28 13:06 188416 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pokerpursuit.99406aaa92216ca4bca884748c50551a.dll
2009-09-28 13:02 . 2009-09-28 13:02 1024000 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus_summerholiday.2f3c0065ff052710ed0c13651e2571da.dll
2009-09-28 13:00 . 2009-09-28 13:00 495888 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus.281bc5f32411b92464f05fd4a21f7e74.dll
2009-09-28 12:55 . 2009-09-28 12:55 376832 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegasstripblackjack.59f244d12616734754d6150b8b007a01.dll
2008-11-25 08:28 . 2008-11-25 08:28 8192 --sha-w- f:\windows\o2cLicStore.bin
.

------- Sigcheck -------

[7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 02:34 . !HASH: COULD NOT OPEN FILE !!!!! . 516096 . . [------] . . f:\windows\system32\winlogon.exe
[7] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"ArcSoft Connection Service"="f:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"EEventManager"="f:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="f:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2008.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station pour Livebox.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^fabienne^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^fabienne^Menu Démarrer^Programmes^Démarrage^ubisoft register.lnk]
path=f:\documents and settings\fabienne\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk
backup=f:\windows\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Boonty Games"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\eMule\\emule.exe"=
"f:\\WINDOWS\\system32\\rtcshare.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Program Files\\Hercules\\WiFi Station pour Livebox\\WiFiStationLB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Azureus\\Azureus.exe"=
"f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"f:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"f:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\Program Files\\MotoGP2\\motogp2.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4500:TCP"= 4500:TCP:emule
"4600:UDP"= 4600:UDP:emule
"13307:TCP"= 13307:TCP:azureus
"13307:UDP"= 13307:UDP:azureus
"13308:TCP"= 13308:TCP:azureus
"13308:UDP"= 13308:UDP:azureus
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56418:TCP"= 56418:TCP:Pando Media Booster
"56418:UDP"= 56418:UDP:Pando Media Booster

R0 pavboot;pavboot;f:\windows\system32\drivers\pavboot.sys [05/12/2009 08:27 28552]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 09:05 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 72944]
R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;f:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24/09/2007 18:11 566560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [05/12/2009 07:55 108289]
R3 V0420VID;Live! Cam Vista IM (VF0420);f:\windows\system32\drivers\V0420Vid.sys [16/07/2009 12:36 99648]
S0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [08/01/2008 08:39 715248]
S2 gupdate1ca2489aab2376a;Service Google Update (gupdate1ca2489aab2376a);f:\program files\Google\Update\GoogleUpdate.exe [24/08/2009 08:08 133104]
S2 MSSQL$EBP;SQL Server (EBP);f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 21:08 29183504]
S2 NVVVZJJR;NVVVZJJR;\??\f:\windows\system32\drivers\NVVVZJJR.sys --> f:\windows\system32\drivers\NVVVZJJR.sys [?]
S2 wmipicmp32;WMI ICMP Echo Provider;rundll32.exe f:\windows\system32\wmipicmp32.dll,ehec --> rundll32.exe f:\windows\system32\wmipicmp32.dll,ehec [?]
S2 wrkvrtnr;wrkvrtnr;\??\f:\windows\system32\drivers\wrkvrtnr.sys --> f:\windows\system32\drivers\wrkvrtnr.sys [?]
S3 aaudstum;aaudstum;\??\f:\docume~1\fabienne\LOCALS~1\Temp\aaudstum.sys --> f:\docume~1\fabienne\LOCALS~1\Temp\aaudstum.sys [?]
S3 maconfservice;Ma-Config Service;f:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 195752]
S3 npggsvc;nProtect GameGuard Service;f:\windows\system32\GameMon.des -service --> f:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-12-01 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-12-05 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 07:30]

2009-12-05 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:08]

2009-12-05 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:08]

2009-12-05 f:\windows\Tasks\User_Feed_Synchronization-{AB4762C9-34FD-4512-95CE-1D4665822150}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.aliceadsl.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 219.23.88.182:8080
IE: Download with Rapget - f:\documents and settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
IE: E&xporter vers Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec USDownloader - f:\documents and settings\fabienne\Bureau\USDownloader134\Ext\downloadie.html
TCP: {1F42F461-85DD-4D01-A7F2-1822FF731E56} = 192.168.1.1
TCP: {39B6D9BF-E955-4572-BC24-734A402C5155} = 192.168.1.1
TCP: {4A3E13D8-6BA7-412E-8199-541A9DC9415E} = 192.168.1.1
TCP: {757F49BB-461E-451C-9260-1631B9F48FE2} = 192.168.1.1
TCP: {90D619C9-C964-47A5-B940-D770C55EDD53} = 192.168.1.1
TCP: {AB0AF770-E6E1-4B6D-BE94-89907BCDE928} = 192.168.1.1
TCP: {ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: f:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: f:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: f:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: f:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: f:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="f:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a5,19,29,d6,1f,3a,f3,ec,84,73,9c,5b,3e,56,a8,64,fd,81,15,48,15,
a2,96,50,76,48,39,74,09,27,17,eb,74,9c,00,09,08,77,46,7e,86,88,76,72,53,f0,\
"rkeysecu"=hex:ef,7f,77,8a,90,31,e3,fb,59,c4,a2,96,3e,2a,6d,7e
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(748)
f:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-12-05 14:32
ComboFix-quarantined-files.txt 2009-12-05 13:31
ComboFix2.txt 2009-12-05 12:59
ComboFix3.txt 2009-06-18 16:59

Avant-CF: 219 486 617 600 octets libres
Après-CF: 219 455 729 664 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 605CB6A07A0A617EDA4E3D3194B2FCF4
0