Virus tr/patched.gen

balance721 -  
 Utilisateur anonyme -
Bonjour,
depuis hier je suis infectée par ce virus je le met en quarantaine avec avira mais il revient tout le temps,j'y comprend rien si vous pouviez m'aider merci
Configuration: Windows XP
Firefox 3.5.5

15 réponses

  1. Utilisateur anonyme
     
    passe à MBAM et poste son rapport
    1
  2. Utilisateur anonyme
     
    bonjour,
    peux tu poster en copier coller le dernier rapport d'avira ici ?
    0
  3. balance721
     
    Avira AntiVir Personal
    Report file date: samedi 5 décembre 2009 08:07

    Scanning for 1417505 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : FABIENNE-QB6E8N

    Version information:
    BUILD.DAT : 9.0.0.415 21609 Bytes 08/11/2009 10:00:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 06:56:27
    VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 06:56:27
    VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 06:56:27
    VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 06:56:27
    VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 06:56:27
    VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 06:56:27
    VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 06:56:27
    VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 06:56:28
    VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 06:56:28
    VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 06:56:28
    VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 06:56:28
    VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 06:56:28
    VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 06:56:29
    VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 06:56:30
    VBASE015.VDF : 7.10.1.129 2048 Bytes 30/11/2009 06:56:30
    VBASE016.VDF : 7.10.1.130 2048 Bytes 30/11/2009 06:56:30
    VBASE017.VDF : 7.10.1.131 2048 Bytes 30/11/2009 06:56:31
    VBASE018.VDF : 7.10.1.132 2048 Bytes 30/11/2009 06:56:31
    VBASE019.VDF : 7.10.1.133 2048 Bytes 30/11/2009 06:56:31
    VBASE020.VDF : 7.10.1.134 2048 Bytes 30/11/2009 06:56:31
    VBASE021.VDF : 7.10.1.135 2048 Bytes 30/11/2009 06:56:31
    VBASE022.VDF : 7.10.1.136 2048 Bytes 30/11/2009 06:56:31
    VBASE023.VDF : 7.10.1.137 2048 Bytes 30/11/2009 06:56:31
    VBASE024.VDF : 7.10.1.138 2048 Bytes 30/11/2009 06:56:31
    VBASE025.VDF : 7.10.1.139 2048 Bytes 30/11/2009 06:56:31
    VBASE026.VDF : 7.10.1.140 2048 Bytes 30/11/2009 06:56:31
    VBASE027.VDF : 7.10.1.141 2048 Bytes 30/11/2009 06:56:31
    VBASE028.VDF : 7.10.1.142 2048 Bytes 30/11/2009 06:56:32
    VBASE029.VDF : 7.10.1.143 2048 Bytes 30/11/2009 06:56:32
    VBASE030.VDF : 7.10.1.144 2048 Bytes 30/11/2009 06:56:32
    VBASE031.VDF : 7.10.1.169 148992 Bytes 04/12/2009 06:56:33
    Engineversion : 8.2.1.92
    AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
    AESCRIPT.DLL : 8.1.2.45 586108 Bytes 05/12/2009 06:56:49
    AESCN.DLL : 8.1.2.5 127346 Bytes 08/11/2009 06:38:46
    AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
    AERDL.DLL : 8.1.3.4 479605 Bytes 05/12/2009 06:56:48
    AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 06:38:40
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
    AEHEUR.DLL : 8.1.0.184 2146681 Bytes 05/12/2009 06:56:41
    AEHELP.DLL : 8.1.7.5 237942 Bytes 05/12/2009 06:56:35
    AEGEN.DLL : 8.1.1.78 364917 Bytes 05/12/2009 06:56:34
    AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
    AECORE.DLL : 8.1.8.5 180598 Bytes 05/12/2009 06:56:33
    AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: f:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: F:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: samedi 5 décembre 2009 08:07

    Starting search for hidden objects.
    '124943' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'c.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'mbam.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msd.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
    Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'ACService.exe' - '1' Module(s) have been scanned
    Scan process 'NetworkLicenseServer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\System32\svchost.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\svchost.exe'
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\lsass.exe'
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\services.exe'
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Module is infected -> 'F:\WINDOWS\system32\winlogon.exe'
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '58' files ).

    Starting the file scan:

    Begin scan in 'F:\' <disque local>
    F:\Documents and Settings\fabienne\jwnhgmy.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Tofsee.F.7 back-door program

    Beginning disinfection:
    F:\Documents and Settings\fabienne\jwnhgmy.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Tofsee.F.7 back-door program
    [NOTE] The file was moved to '4b881af9.qua'!

    End of the scan: samedi 5 décembre 2009 09:32
    Used time: 1:24:06 Hour(s)

    The scan has been canceled!

    5761 Scanned directories
    81340 Files were scanned
    11 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    81329 Files not concerned
    178 Archives were scanned
    0 Warnings
    1 Notes
    124943 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  4. balance721
     
    merci de m'aider pendant que je t'envoyai le rapport l'alerte avira s'est ouverte au moins 10 fois c'est agacant
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    ok, suis ceci :
    • Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
    http://images.malwareremoval.com/random/RSIT.exe

    Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    Double clique sur RSIT.exe pour lancer l'outil.
    Clique sur ' continue ' à l'écran Disclaimer.
    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    Une fois le scan fini, 2 rapports vont apparaître. Poste le contenu des 2 rapports séparément. Ils se trouvent sur c :
    (log.txt & info.txt)
    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    0
  7. balance721
     
    je n'ai qu'un rapport:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by fabienne at 2009-12-05 11:23:47
    Microsoft Windows XP Professionnel Service Pack 3
    System drive F: has 209 GB (55%) free of 382 GB
    Total RAM: 2047 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:02, on 18/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    F:\WINDOWS\system32\msiexec.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\sessmgr.exe
    F:\Program Files\Spyware Terminator\sp_rsser.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Documents and Settings\fabienne\Bureau\RSIT.exe
    F:\Program Files\Trend Micro\HijackThis\fabienne.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.23.88.182:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download with Rapget - F:\Documents and Settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39B6D9BF-E955-4572-BC24-734A402C5155}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3E13D8-6BA7-412E-8199-541A9DC9415E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{757F49BB-461E-451C-9260-1631B9F48FE2}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90D619C9-C964-47A5-B940-D770C55EDD53}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS5\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS6\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WMI ICMP Echo Provider (wmipicmp32) - Unknown owner - rundll32.exe (file missing)
    0
  8. balance721
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by fabienne at 2009-12-05 11:21:56
    Microsoft Windows XP Professionnel Service Pack 3
    System drive F: has 209 GB (55%) free of 382 GB
    Total RAM: 2047 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:20, on 05/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir Desktop\sched.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    F:\Program Files\Avira\AntiVir Desktop\avguard.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\PnkBstrA.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Outlook Express\msimn.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    F:\Documents and Settings\fabienne\Bureau\RSIT.exe
    F:\Program Files\Trend Micro\HijackThis\fabienne.exe
    F:\WINDOWS\system32\NOTEPAD.EXE
    F:\WINDOWS\msb.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.23.88.182:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ArcSoft Connection Service] F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [EEventManager] F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [uvbqj] F:\WINDOWS\system32\uvbqj.exe \u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NeoChronos] F:\DOCUME~1\fabienne\LOCALS~1\Temp\c.exe
    O4 - HKCU\..\Run: [Astrocom] F:\DOCUME~1\fabienne\LOCALS~1\Temp\o.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "F:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download with Rapget - F:\Documents and Settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec USDownloader - F:\Documents and Settings\fabienne\Bureau\USDownloader134\Ext\downloadie.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Royal Vegas Online Casino - 23E6F6A8-2254-4E81-9EF7-6B6CF042F09D - F:\Microgaming\Casino\RoyalVegas\Casinogame.exe (HKCU)
    O9 - Extra button: Ruby Fortune Casino - 2D020FF1-6E9D-44F5-99F8-9253F8EA8923 - F:\Microgaming\Casino\RubyFortune\Casinogame.exe (HKCU)
    O9 - Extra button: Grand Hotel Casino - 3C2877F6-EDFE-49D3-AA95-2F09A08F6BC8 - F:\Microgaming\Casino\GrandHotel\Casinogame.exe (HKCU)
    O9 - Extra button: Golden Riviera Casino - 3CACEA8A-A752-4E62-95D9-60D5A4328E4A - F:\Microgaming\Casino\GoldenRiviera\Casinogame.exe (HKCU)
    O9 - Extra button: Platinum Play Online Casino - 4FB19C40-8555-40CB-A34A-0D2FF6830E93 - F:\Microgaming\Casino\PlatinumPlay\Casinogame.exe (HKCU)
    O9 - Extra button: All Slots Casino - 5A3AB5F4-2A52-4BEB-B096-29F57BB97B71 - F:\Microgaming\Casino\AllSlots\Casinogame.exe (HKCU)
    O9 - Extra button: Roxy Palace Online Casino - 7420F289-8E52-49C3-978F-06F108BF2889 - F:\Microgaming\Casino\RoxyPalace\Casinogame.exe (HKCU)
    O9 - Extra button: Lucky Emperor Casino - 8247476F-7D5A-4EC4-B19A-7761CFD25791 - F:\Microgaming\Casino\LuckyEmperor\Casinogame.exe (HKCU)
    O9 - Extra button: Quatro Casino - 9BDC9694-A174-422C-A14B-3F67C411C998 - F:\Microgaming\Casino\QuatroCasino\Casinogame.exe (HKCU)
    O9 - Extra button: Jackpot City Online Casino - CACF45CF-7A41-4008-B4E2-65ED278E82B9 - F:\Microgaming\Casino\JackpotCity\Casinogame.exe (HKCU)
    O9 - Extra button: All Jackpots - D744AE09-D459-4FE8-B2BA-247867EA6896 - F:\Microgaming\Casino\alljackpots\Casinogame.exe (HKCU)
    O9 - Extra button: Casino Action - F69FFB33-48ED-4056-B750-9C7661BAB210 - F:\Microgaming\Casino\CasinoAction\Casinogame.exe (HKCU)
    O9 - Extra button: Mummys Gold Casino - FF66DCD2-4BA2-4A83-86D6-C98410EF3085 - F:\Microgaming\Casino\MummysGoldCasino\Casinogame.exe (HKCU)
    O9 - Extra button: The Gaming Club - {7077EC3C-14A6-4F48-B459-AC94C37F5D11} - F:\Microgaming\Casino\GamingClub\casinogame.exe (HKCU)
    O9 - Extra button: Golden Tiger Casino - {A330BAAC-492A-4BED-849D-E60B9F67AF8E} - F:\Microgaming\Casino\GoldenTiger\casinogame.exe (HKCU)
    O9 - Extra button: Spin Palace Casino - {B1BF4709-D3F0-4730-A97F-AD2248E5D23F} - F:\Microgaming\Casino\SpinPalace\casinogame.exe (HKCU)
    O9 - Extra button: Villento - {ED10D053-C206-4244-A163-AFC159B31BBE} - F:\Microgaming\Casino\Villento\casinogame.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39B6D9BF-E955-4572-BC24-734A402C5155}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3E13D8-6BA7-412E-8199-541A9DC9415E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{757F49BB-461E-451C-9260-1631B9F48FE2}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90D619C9-C964-47A5-B940-D770C55EDD53}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0AF770-E6E1-4B6D-BE94-89907BCDE928}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0276D505-E1B2-4C61-8C2B-143C642900DA}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS5\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS6\Services\Tcpip\..\{1F42F461-85DD-4D01-A7F2-1822FF731E56}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - F:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Audio Windows (AudioSrv) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: CryptSvc - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Configuration automatique de réseau câblé (Dot3svc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Service Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe
    O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Service Google Update (gupdate1ca2489aab2376a) (gupdate1ca2489aab2376a) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Aide et support (helpsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Service Gestion des clés et des certificats d'intégrité (hkmsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Agent de protection d'accès réseau (napagent) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - F:\WINDOWS\system32\lsass.exe
    O23 - Service: Connexions réseau (Netman) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - F:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - F:\WINDOWS\system32\lsass.exe
    O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - F:\WINDOWS\system32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - F:\WINDOWS\system32\lsass.exe
    O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - F:\WINDOWS\system32\lsass.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Notification d'événement système (SENS) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Service de restauration système (srservice) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: SSHNAS - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - F:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Téléphonie (TapiSrv) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Services Terminal Server (TermService) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Thèmes (Themes) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: WebClient - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: WMI ICMP Echo Provider (wmipicmp32) - Unknown owner - rundll32.exe (file missing)
    O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - F:\WINDOWS\system32\svchost.exe
    O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - F:\WINDOWS\System32\svchost.exe
    0
  9. Utilisateur anonyme
     
    tu es infecté par un vers :-(

    • Mode Recherche :

    Desactive ton antivirus le temps de la manip ainsi que ton pare-feu si présent

    Télécharge list&Killem.zip et enregistre le sur ton bureau
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
    Utilise un programme pour dézipper le fichier compressé.
    Exécute le fichier Killem.exe.
    Il ne nécessite pas d'installation
    double clic (clic droit "exécuter en tant qu'administrateur" pour Vista) pour lancer le scan
    choisis la langue puis choisis l'option 1 = Mode Recherche
    laisse travailler l'outil
    le rapport va s’afficher, une fois le scan fini
    colle le contenu sur un forum spécialisé
    0
  10. balance721
     
    c'est bloqué sur " test rootkits" est ce normale
    0
  11. Utilisateur anonyme
     
    ok, on va le faire autrement :-)

    •/!\Avertissement :
    Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
    Ne pas utiliser en dehors de ce cas de figure : dangereux!


    Télécharges ComboFix à partir de ce lien :
    https://forospyware.com
    ou ici :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    A lire
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Et important, enregistre le sur le bureau.
    Avant d'utiliser ComboFix :
    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
    Une fois fait, sur ton bureau double-clic sur Combofix.exe.
    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    Si ça ne marche pas, tu vires combofix de sur ton bureau et tu télécharge depuis ce lien jacombo qui est combofix renommé cela permet de contrer certaine infection, tu le mets sur ton bureau et tu suis les explications données dans la procédure de combofix
    http://sd-1.archive-host.com/membres/up/89820622056365782/jacombo.exe

    •Télécharge Malwarebytes' Anti-Malware:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ou ici : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    . sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
    . enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Une fois la mise à jour terminé
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . Tu cliques droit dans le cadre de la réponse et coller
    . À la fin du scan, il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique !!!

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    poste moi les rapports ici sur le forum et sur tes prochains messages
    0
  12. balance721
     
    quand je veus envoyer le rapport ca me dit que j'ai deja envoyer ce message
    0
  13. balance721
     
    ComboFix 09-12-04.04 - fabienne 05/12/2009 14:19.5.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1657 [GMT 1:00]
    Lancé depuis: f:\documents and settings\fabienne\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-05 au 2009-12-05 ))))))))))))))))))))))))))))))))))))
    .

    2009-12-05 11:47 . 2009-12-05 11:47 -------- d-----w- F:\Kill'em
    2009-12-05 07:27 . 2009-06-30 08:37 28552 ----a-w- f:\windows\system32\drivers\pavboot.sys
    2009-12-05 07:25 . 2009-12-05 07:25 -------- d-----w- f:\program files\Panda Security
    2009-12-05 06:55 . 2009-07-28 14:33 55656 ----a-w- f:\windows\system32\drivers\avgntflt.sys
    2009-12-05 06:55 . 2009-03-30 08:33 96104 ----a-w- f:\windows\system32\drivers\avipbb.sys
    2009-12-05 06:55 . 2009-02-13 10:29 22360 ----a-w- f:\windows\system32\drivers\avgntmgr.sys
    2009-12-05 06:55 . 2009-02-13 10:17 45416 ----a-w- f:\windows\system32\drivers\avgntdd.sys
    2009-12-05 06:55 . 2009-12-05 06:55 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
    2009-12-04 09:12 . 2009-12-05 07:34 -------- d-----w- f:\documents and settings\fabienne\Application Data\DVD Profiler
    2009-12-04 07:43 . 2009-12-05 07:34 -------- d-----w- f:\program files\DVD Profiler
    2009-12-03 14:22 . 2009-12-03 14:22 520192 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummyxxx.601531cc99c91a77f35e0800b60d912d.dll
    2009-12-03 14:22 . 2009-12-03 14:22 614400 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummyplugin.efd1da25ceb79224e214006804f35d0e.dll
    2009-12-03 14:22 . 2009-12-03 14:22 221184 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesvegas3cardrummystatsplugin.cb2b732d7e1168de937cf95242815aad.dll
    2009-12-03 14:22 . 2009-12-03 14:22 1486848 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
    2009-12-03 14:22 . 2009-12-03 14:22 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
    2009-12-03 14:22 . 2009-12-03 14:22 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
    2009-12-03 14:22 . 2009-12-03 14:22 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
    2009-12-03 14:20 . 2009-12-03 14:20 868352 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\d\draganddropbonus_scrooge.62dccf0a4e9a1df28a3ba199cf29a2f3.dll
    2009-12-03 14:20 . 2009-12-03 14:20 835584 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\visibleareapickxofybonus_scrooge.cf8bcd9270ebde8f01d0eb78d3a7c654.dll
    2009-12-03 14:20 . 2009-12-03 14:20 1552384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_scrooge.08da86f5359e1f4fa3c3179dc0c390bb.dll
    2009-12-03 14:20 . 2009-12-03 14:20 1060864 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_scrooge.594456c7753ff164fbec07e35ec06a41.dll
    2009-12-03 14:20 . 2009-12-03 14:20 684032 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_scrooge.bc6efdb0b076347754d1b5440065fba2.dll
    2009-12-03 14:15 . 2009-12-03 14:15 1052672 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tribaltreasure.c6b2bdd41fd192f3b0951fc8f6c187c2.dll
    2009-12-03 14:15 . 2009-12-03 14:15 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tribaltreasure.3012fbe9c0650124d3c8c14a88df10de.dll
    2009-12-03 14:15 . 2009-12-03 14:15 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble_tribaltreasure.5c9d5fb24b5cdd860de84ae37fc6ca9e.dll
    2009-12-03 14:15 . 2009-12-03 14:15 1499136 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tribaltreasure.879148744397022e46f87429a6b114e6.dll
    2009-12-03 13:36 . 2009-12-03 13:50 -------- d-----w- f:\documents and settings\fabienne\Application Data\CasinoOnNet
    2009-12-03 13:36 . 2009-12-03 13:45 -------- d-----w- f:\program files\CasinoOnNet
    2009-12-01 09:18 . 2009-12-01 09:18 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.b2d66e3fd98795f022471c120346822f.dll
    2009-11-25 07:30 . 2009-11-25 07:30 -------- d-----w- f:\documents and settings\fabienne\Application Data\LivingActor
    2009-11-25 07:30 . 2009-11-25 07:30 -------- d-----w- f:\program files\LivingActor
    2009-11-25 07:23 . 2009-11-25 07:23 -------- d-----w- f:\program files\OPPBTP
    2009-11-23 09:34 . 2009-11-23 09:44 -------- d-----w- f:\documents and settings\fabienne\Application Data\Epson
    2009-11-23 09:19 . 2009-11-23 09:21 -------- d-----w- f:\program files\Epson Software
    2009-11-23 09:19 . 2009-11-23 09:19 -------- d-----w- f:\documents and settings\fabienne\Local Settings\Application Data\ArcSoft
    2009-11-23 09:18 . 2009-11-23 10:17 -------- d-----w- f:\program files\ABBYY FineReader 6.0 Sprint
    2009-11-23 09:18 . 2009-11-23 09:18 -------- d-----w- f:\documents and settings\All Users\Application Data\ArcSoft
    2009-11-23 09:18 . 2006-11-10 14:05 18688 ----a-w- f:\windows\system32\drivers\afc.sys
    2009-11-23 09:17 . 2009-11-23 09:18 -------- d-----w- f:\program files\Fichiers communs\ArcSoft
    2009-11-23 09:17 . 2009-11-23 09:17 -------- d-----w- f:\program files\ArcSoft
    2009-11-23 09:13 . 2008-06-18 23:00 65793 ----a-w- f:\windows\system32\esfw8b.bin
    2009-11-23 09:13 . 2008-06-18 23:00 204800 ----a-w- f:\windows\system32\esint8b.dll
    2009-11-23 09:13 . 2007-12-27 23:00 73216 ----a-w- f:\windows\system32\eswia8b.dll
    2009-11-23 09:13 . 2006-08-25 00:00 9216 ----a-w- f:\windows\system32\escdev.dll
    2009-11-23 09:13 . 2006-03-09 23:00 3584 ----a-w- f:\windows\system32\eswiaml.dll
    2009-11-23 09:13 . 2009-11-23 09:15 -------- d-----w- f:\program files\epson
    2009-11-21 14:56 . 2007-10-29 17:25 372736 ----a-r- f:\windows\system32\hppldcoi.dll
    2009-11-21 14:56 . 2007-10-29 17:25 309760 ----a-r- f:\windows\system32\difxapi.dll
    2009-11-21 14:56 . 2007-10-29 17:11 303104 ----a-r- f:\windows\system32\hpovst15.dll
    2009-11-21 14:56 . 2007-10-29 17:11 581632 ----a-r- f:\windows\system32\hpotscl6.dll
    2009-11-21 14:56 . 2007-10-29 17:11 729088 ----a-r- f:\windows\system32\hpowiax7.dll
    2009-11-21 14:54 . 2009-11-21 16:35 178233 ----a-w- f:\windows\hpoins27.dat
    2009-11-21 14:54 . 2008-01-17 23:56 932 ------w- f:\windows\hpomdl27.dat
    2009-11-21 14:54 . 2009-11-21 14:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Hewlett-Packard
    2009-11-21 14:53 . 2007-10-20 17:25 117760 ----a-w- f:\windows\system32\hpzll5mu.dll
    2009-11-21 14:53 . 2007-10-20 17:21 278016 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
    2009-11-19 09:15 . 2009-11-19 09:15 290922 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\mpvcommunityslotsplugin.5754aaa94ce09bd30bcf3e6854410489.dll
    2009-11-19 09:15 . 2009-11-19 09:15 262252 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wheelofwealthbonusplugin.6c0e321acbcdf9cd162f9ebd5bdd2a49.dll
    2009-11-19 09:15 . 2009-11-19 09:15 282699 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\slotxxx.67f1296c5da24efba618b3ba72a7499e.dll
    2009-11-19 09:15 . 2009-11-19 09:15 110674 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\slotdialogs.4fdea635d4a6cfd9eb1ead9aa5fa182b.dll
    2009-11-19 09:15 . 2009-11-19 09:15 98390 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\singleobjects.0d588bfc081a33b0dd55ea51043fd805.dll
    2009-11-19 09:15 . 2009-11-19 09:15 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.7420859633d968af6cd344ca3ce93d87.dll
    2009-11-16 14:37 . 2009-11-27 14:47 -------- d-----w- f:\program files\TraditionCasino
    2009-11-09 17:45 . 2009-11-10 19:09 43520 ----a-w- f:\windows\system32\CmdLineExt03.dll
    2009-11-09 17:45 . 2003-03-15 23:15 90112 ----a-w- f:\windows\unvise32.exe
    2009-11-09 17:40 . 2009-11-09 17:45 -------- d-----w- f:\program files\SoldnerSecretWars
    2009-11-06 10:15 . 2009-11-06 10:15 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
    2009-11-06 10:15 . 2009-11-06 10:15 1474560 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
    2009-11-06 10:15 . 2009-11-06 10:15 921600 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
    2009-11-06 10:15 . 2009-11-06 10:15 897024 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
    2009-11-06 10:15 . 2009-11-06 10:15 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
    2009-11-06 10:15 . 2009-11-06 10:15 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
    2009-11-06 09:52 . 2009-11-06 09:52 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.8910ba755486798caf455d75c4b740cc.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-05 12:34 . 2008-04-09 12:08 29 ----a-w- f:\windows\popcinfo.dat
    2009-12-05 12:34 . 2008-08-07 15:03 -------- d-----w- f:\program files\userdata
    2009-12-05 10:24 . 2003-12-17 16:03 7168 --sha-w- f:\program files\Thumbs.db
    2009-12-05 09:53 . 2009-09-08 13:48 -------- d-----w- f:\program files\Universal Share Downloader
    2009-12-05 09:27 . 2008-05-26 13:41 -------- d-----w- f:\program files\Avira
    2009-12-05 07:14 . 2009-06-10 13:12 117760 ----a-w- f:\documents and settings\fabienne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-05 06:41 . 2008-03-04 13:11 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-04 18:03 . 2007-12-28 20:59 -------- d-----w- f:\documents and settings\All Users\Application Data\Google Updater
    2009-12-04 14:21 . 2008-01-08 09:25 -------- d-----w- f:\documents and settings\fabienne\Application Data\dvdcss
    2009-12-04 10:53 . 2008-01-25 08:51 -------- d-----w- f:\program files\eMule
    2009-11-28 13:27 . 2008-02-26 19:01 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
    2009-11-23 09:24 . 2007-12-28 19:21 -------- d--h--w- f:\program files\InstallShield Installation Information
    2009-11-12 15:03 . 2009-08-27 15:50 -------- d-----w- f:\program files\Scratch2Cash
    2009-11-03 08:07 . 2009-11-03 08:07 -------- d-----w- f:\documents and settings\fabienne\Application Data\ImgBurn
    2009-11-03 07:07 . 2009-11-03 07:07 -------- d-----w- f:\program files\ImgBurn
    2009-10-28 07:21 . 2009-10-28 07:23 102664 ----a-w- f:\windows\system32\drivers\tmcomm.sys
    2009-10-28 06:51 . 2008-01-13 08:14 -------- d-----w- f:\program files\Fichiers communs\Adobe
    2009-10-26 06:36 . 2001-08-28 14:00 572442 ----a-w- f:\windows\system32\perfh00C.dat
    2009-10-26 06:36 . 2001-08-28 14:00 110658 ----a-w- f:\windows\system32\perfc00C.dat
    2009-10-24 15:35 . 2009-10-24 15:35 -------- d-----w- f:\documents and settings\fabienne\Application Data\Aisle 5 Games, Inc
    2009-10-24 15:35 . 2008-04-10 17:54 -------- d-----w- f:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-10-24 15:33 . 2009-10-24 12:14 -------- d-----w- f:\program files\G.H.O.S.T. Chronicles - Le Fantome de la Foire de la Renaissance
    2009-10-24 11:38 . 2009-10-24 11:38 -------- d-----w- f:\documents and settings\fabienne\Application Data\Games
    2009-10-24 11:38 . 2009-10-24 10:25 -------- d-----w- f:\program files\Departement 42 - Le Mystere des Neuf
    2009-10-24 11:35 . 2009-10-24 11:35 -------- d-----w- f:\program files\Strange Cases - Le Mystere des Cartes de Tarot
    2009-10-24 11:00 . 2009-10-24 10:59 -------- d-----w- f:\program files\Princesse Isabella - Le Chateau Ensorcele
    2009-10-24 10:09 . 2008-03-27 16:19 -------- d-----w- f:\program files\Zylom Games
    2009-10-24 10:02 . 2008-03-27 16:43 -------- d-----w- f:\documents and settings\fabienne\Application Data\Zylom
    2009-10-24 09:32 . 2009-10-24 09:32 -------- d-----w- f:\documents and settings\fabienne\Application Data\Gamenauts
    2009-10-24 07:46 . 2008-10-25 11:39 -------- d-----w- f:\documents and settings\fabienne\Application Data\PlayFirst
    2009-10-24 07:46 . 2008-10-25 11:39 -------- d-----w- f:\documents and settings\All Users\Application Data\PlayFirst
    2009-10-24 07:38 . 2008-04-10 17:54 -------- d-----w- f:\program files\bfgclient
    2009-10-23 09:46 . 2009-10-23 09:39 -------- d-----w- f:\program files\iNetBet Casino
    2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- f:\documents and settings\All Users\Application Data\IM
    2009-10-15 11:30 . 2009-10-15 11:30 -------- d-----w- f:\documents and settings\All Users\Application Data\IncrediMail
    2009-10-12 11:58 . 2009-10-12 11:58 1236992 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\k\kfm_kungfubonus.7648b1705a4c13b46555323f6f9957fe.dll
    2009-10-10 09:07 . 2009-10-09 11:58 -------- d-----w- f:\program files\RaPiZ PSP Software
    2009-10-10 08:02 . 2009-10-10 08:02 -------- d-----w- f:\program files\InterCasino France
    2009-10-09 16:53 . 2009-10-09 16:53 544768 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerxxx.438143241fa4db3dec756421eaae9ed1.dll
    2009-10-09 16:53 . 2009-10-09 16:53 221184 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerstatsplugin.182ee2e6a10bbd7802a16c2b9de95f08.dll
    2009-10-09 16:53 . 2009-10-09 16:53 655360 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestexasholdembonuspokerplugin.c24ff1b97c271db3b9ac6babf39f8c38.dll
    2009-10-09 16:23 . 2009-10-06 13:59 -------- d-----w- f:\program files\GfedEurofr2F
    2009-10-09 16:16 . 2009-10-09 16:16 49152 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.64d4f0467e0e777ddfbb02e7544f98fa.dll
    2009-10-09 16:16 . 2009-10-09 16:16 192512 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.af25beaa0378c2b2eaa341b7d8c64966.dll
    2009-10-09 16:16 . 2009-10-09 16:16 98304 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.bd0995adc01c55d3f345d8fc81d6bf13.dll
    2009-10-09 16:16 . 2009-10-09 16:16 417792 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.85c5094e4412e0647ba5f7a72219a89d.dll
    2009-10-09 16:16 . 2009-10-09 16:16 106496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.c622fc192c22f951a4bf27988c8c48e0.dll
    2009-10-09 16:16 . 2009-10-09 16:16 126976 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.c4a60b718047a7230c1f7eb62e24ac16.dll
    2009-10-09 13:08 . 2009-10-09 13:08 -------- d-----w- f:\program files\QuickMediaConverter
    2009-10-09 12:09 . 2009-10-09 12:09 679936 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll
    2009-10-09 12:09 . 2009-10-09 12:09 618496 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_octgao_09.ae6289cf11b05446123a7e16d97ef025.dll
    2009-10-09 12:09 . 2009-10-09 12:09 1040384 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_octgao_09.b8c78bdbd5f2e8ca0e10a0e307926db4.dll
    2009-10-09 12:09 . 2009-10-09 12:09 901120 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_octgao_09.8eb7dff6ab1c8166b7a83d669d6f1b7d.dll
    2009-10-09 12:09 . 2009-10-09 12:09 1478656 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
    2009-10-09 11:54 . 2009-10-09 11:54 -------- d-----w- f:\documents and settings\fabienne\Application Data\Media Player Classic
    2009-10-09 11:41 . 2009-10-09 11:41 135638 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_BC9DA1CE59E1210ACC2505.exe
    2009-10-09 11:41 . 2009-10-09 11:41 135638 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_29345B4F8542FEEE7B2FFE.exe
    2009-10-09 11:41 . 2009-10-09 11:41 121915 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_01042A4EE960F203E989EB.exe
    2009-10-09 11:41 . 2009-10-09 11:41 120577 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_6FEFF9B68218417F98F549.exe
    2009-10-09 11:41 . 2009-10-09 11:41 10134 ----a-r- f:\documents and settings\fabienne\Application Data\Microsoft\Installer\{69F896FB-139D-405C-ABE8-88D50547B986}\_D6BF6439D6E1CD059814D5.exe
    2009-10-09 11:41 . 2009-10-09 11:41 -------- d-----w- f:\program files\EdenSoftware
    2009-10-09 11:30 . 2008-12-15 10:01 -------- d-----w- f:\program files\Red Kawa
    2009-10-09 09:46 . 2007-12-29 08:25 -------- d-----w- f:\program files\K-Lite Codec Pack
    2009-10-09 09:46 . 2008-12-15 10:01 -------- d-----w- f:\program files\AviSynth 2.5
    2009-10-09 09:46 . 2009-10-09 09:46 -------- d-----w- f:\program files\AVN Products
    2009-10-09 06:08 . 2008-12-15 13:12 -------- d-----w- f:\program files\WinAVI MP4 Converter
    2009-10-08 18:29 . 2009-10-08 18:29 -------- d-----w- f:\documents and settings\fabienne\Application Data\Red Kawa
    2009-10-08 17:23 . 2009-10-08 17:23 -------- d-----w- f:\documents and settings\fabienne\Application Data\ImTOO Software Studio
    2009-10-02 15:54 . 2009-10-02 15:54 36926 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_reddog.17e4bed26b7398ee9c45c72ed478a759.dll
    2009-10-02 15:53 . 2009-10-02 15:53 65536 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\sizzlingscorpionsbonus.b810fd9a6f22045661d97e29b7b598bb.dll
    2009-10-02 15:53 . 2009-10-02 15:53 151552 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\sicbo.947b265d4f68e9c480664c57d59ab47c.dll
    2009-09-30 12:18 . 2008-07-29 06:07 94992 ----a-w- f:\windows\system32\Vb5fr.dll
    2009-09-30 12:18 . 2001-08-28 14:00 1334032 ----a-w- f:\windows\system32\Msvbvm50.dll
    2009-09-29 07:50 . 2009-09-29 07:50 114822 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_progcyberstud.e038aa28085a77aa97b543eea1b2f3b9.dll
    2009-09-29 07:50 . 2009-09-29 07:50 41013 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_cyberstud.1b8f431ce9dfe38861b98045dc7bc82c.dll
    2009-09-29 07:48 . 2009-09-29 07:48 393216 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\f\flyingwitchbonus.178abae7811f3ce106a1068e2f8e83aa.dll
    2009-09-29 07:47 . 2009-09-29 07:47 352256 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\spinningwandbonus.71b441eaf88d72b917384cc517583ca7.dll
    2009-09-29 07:45 . 2009-09-29 07:45 348432 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearth.0a3ab3633f8df69ecc1bb0d848f47412.dll
    2009-09-29 07:45 . 2009-09-29 07:45 352528 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthxxx.b1cc356ee36fb84ac5c9eca977aa894a.dll
    2009-09-29 07:45 . 2009-09-29 07:45 250128 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthbonus.4a3c41468d5b693ba49db2c04b228a66.dll
    2009-09-29 07:43 . 2009-09-29 07:43 1171456 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_stonebonus.884fe3f012cc21e9f4b94beccb344fe5.dll
    2009-09-29 07:43 . 2009-09-29 07:43 1204224 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_bathbonus.eaf1477312e7ecb9b1c7aa0a26e6ac61.dll
    2009-09-29 07:22 . 2009-09-29 07:22 1142784 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_bodywaxbonus.86b2e4bb4c8e68cbf84cdb6310c39218.dll
    2009-09-29 07:19 . 2009-09-29 07:19 1290240 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_smoothiebonus.779ec9c8439f59a40852d4a998367c4f.dll
    2009-09-29 07:18 . 2009-09-29 07:18 827392 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\playerinstantiatedchoosebonus.ceb25d7dda7b0effc207d3dec6e30288.dll
    2009-09-29 07:14 . 2009-09-29 07:14 1196032 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\w\wealthspa_massagebonus.0e575cb178075b87da73199c7e3bdcc1.dll
    2009-09-29 07:13 . 2009-09-29 07:13 221456 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegascrapsxxx.9260625f65eb4bc5b68e6b446a4be9ec.dll
    2009-09-29 07:13 . 2009-09-29 07:13 110592 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegascraps.b5db027e00863192286f05af6c1d7fd0.dll
    2009-09-29 07:12 . 2009-09-29 07:12 114688 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\u\usroulette.111677cc695657a0c9a392432a7a3d55.dll
    2009-09-28 14:08 . 2009-09-28 14:08 286720 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\t\triplesevens.ea88c1daf2f35b92e00a6e671b7e9a0a.dll
    2009-09-28 13:55 . 2009-09-28 13:55 499984 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\g\greatgalaxycasinobonus.55dde164a6c32cf7a5be1bb8e3746043.dll
    2009-09-28 13:44 . 2009-09-28 13:44 700416 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus.07d287f25bba4ccba9ff2af0dedb4455.dll
    2009-09-28 13:42 . 2009-09-28 13:42 380928 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus_tggg.e66cbfaf93bc06e345be6dacdf926516.dll
    2009-09-28 13:12 . 2009-09-28 13:12 860160 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\scoopthecashbonus.bba34ca69d484ca056b3150cf3511c31.dll
    2009-09-28 13:11 . 2009-09-28 13:11 131072 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\r\rouletteroyale.78fbb4e6860f34eb015928fa5c78c605.dll
    2009-09-28 13:06 . 2009-09-28 13:06 245760 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pokerride.0e46f0612786991e4a026d6c70ac2e93.dll
    2009-09-28 13:06 . 2009-09-28 13:06 188416 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\p\pokerpursuit.99406aaa92216ca4bca884748c50551a.dll
    2009-09-28 13:02 . 2009-09-28 13:02 1024000 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus_summerholiday.2f3c0065ff052710ed0c13651e2571da.dll
    2009-09-28 13:00 . 2009-09-28 13:00 495888 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus.281bc5f32411b92464f05fd4a21f7e74.dll
    2009-09-28 12:55 . 2009-09-28 12:55 376832 ----a-w- f:\documents and settings\All Users\Application Data\MGS\cache\v\vegasstripblackjack.59f244d12616734754d6150b8b007a01.dll
    2008-11-25 08:28 . 2008-11-25 08:28 8192 --sha-w- f:\windows\o2cLicStore.bin
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 02:34 . !HASH: COULD NOT OPEN FILE !!!!! . 516096 . . [------] . . f:\windows\system32\winlogon.exe
    [7] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
    "ArcSoft Connection Service"="f:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
    "EEventManager"="f:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="f:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2008.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station pour Livebox.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^fabienne^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]

    [HKLM\~\startupfolder\F:^Documents and Settings^fabienne^Menu Démarrer^Programmes^Démarrage^ubisoft register.lnk]
    path=f:\documents and settings\fabienne\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk
    backup=f:\windows\pss\ubisoft register.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "StarWindServiceAE"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "SQLBrowser"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "Boonty Games"=3 (0x3)
    "aawservice"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "f:\\Program Files\\eMule\\emule.exe"=
    "f:\\WINDOWS\\system32\\rtcshare.exe"=
    "f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "f:\\Program Files\\Hercules\\WiFi Station pour Livebox\\WiFiStationLB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Program Files\\Azureus\\Azureus.exe"=
    "f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "f:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "f:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
    "f:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
    "f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "f:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "f:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
    "f:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "f:\\Program Files\\MotoGP2\\motogp2.exe"=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4500:TCP"= 4500:TCP:emule
    "4600:UDP"= 4600:UDP:emule
    "13307:TCP"= 13307:TCP:azureus
    "13307:UDP"= 13307:UDP:azureus
    "13308:TCP"= 13308:TCP:azureus
    "13308:UDP"= 13308:UDP:azureus
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "56418:TCP"= 56418:TCP:Pando Media Booster
    "56418:UDP"= 56418:UDP:Pando Media Booster

    R0 pavboot;pavboot;f:\windows\system32\drivers\pavboot.sys [05/12/2009 08:27 28552]
    R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 09:05 9968]
    R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 72944]
    R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;f:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24/09/2007 18:11 566560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [05/12/2009 07:55 108289]
    R3 V0420VID;Live! Cam Vista IM (VF0420);f:\windows\system32\drivers\V0420Vid.sys [16/07/2009 12:36 99648]
    S0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [08/01/2008 08:39 715248]
    S2 gupdate1ca2489aab2376a;Service Google Update (gupdate1ca2489aab2376a);f:\program files\Google\Update\GoogleUpdate.exe [24/08/2009 08:08 133104]
    S2 MSSQL$EBP;SQL Server (EBP);f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 21:08 29183504]
    S2 NVVVZJJR;NVVVZJJR;\??\f:\windows\system32\drivers\NVVVZJJR.sys --> f:\windows\system32\drivers\NVVVZJJR.sys [?]
    S2 wmipicmp32;WMI ICMP Echo Provider;rundll32.exe f:\windows\system32\wmipicmp32.dll,ehec --> rundll32.exe f:\windows\system32\wmipicmp32.dll,ehec [?]
    S2 wrkvrtnr;wrkvrtnr;\??\f:\windows\system32\drivers\wrkvrtnr.sys --> f:\windows\system32\drivers\wrkvrtnr.sys [?]
    S3 aaudstum;aaudstum;\??\f:\docume~1\fabienne\LOCALS~1\Temp\aaudstum.sys --> f:\docume~1\fabienne\LOCALS~1\Temp\aaudstum.sys [?]
    S3 maconfservice;Ma-Config Service;f:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 195752]
    S3 npggsvc;nProtect GameGuard Service;f:\windows\system32\GameMon.des -service --> f:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 7408]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-12-01 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2009-12-05 f:\windows\Tasks\Google Software Updater.job
    - f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 07:30]

    2009-12-05 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:08]

    2009-12-05 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:08]

    2009-12-05 f:\windows\Tasks\User_Feed_Synchronization-{AB4762C9-34FD-4512-95CE-1D4665822150}.job
    - f:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.aliceadsl.fr/
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 219.23.88.182:8080
    IE: Download with Rapget - f:\documents and settings\fabienne\Bureau\rapget_www.emu-passion.com\rapget.htm
    IE: E&xporter vers Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Télécharger avec USDownloader - f:\documents and settings\fabienne\Bureau\USDownloader134\Ext\downloadie.html
    TCP: {1F42F461-85DD-4D01-A7F2-1822FF731E56} = 192.168.1.1
    TCP: {39B6D9BF-E955-4572-BC24-734A402C5155} = 192.168.1.1
    TCP: {4A3E13D8-6BA7-412E-8199-541A9DC9415E} = 192.168.1.1
    TCP: {757F49BB-461E-451C-9260-1631B9F48FE2} = 192.168.1.1
    TCP: {90D619C9-C964-47A5-B940-D770C55EDD53} = 192.168.1.1
    TCP: {AB0AF770-E6E1-4B6D-BE94-89907BCDE928} = 192.168.1.1
    TCP: {ECBDDEEA-ADF3-4869-BDE8-F4E44D6CDA7A} = 192.168.1.1
    DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - SweetIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: f:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: f:\documents and settings\fabienne\Application Data\Mozilla\Firefox\Profiles\b63z55f5.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    FF - plugin: f:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: f:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: f:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: f:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: f:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************
    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="f:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-1123561945-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:a5,19,29,d6,1f,3a,f3,ec,84,73,9c,5b,3e,56,a8,64,fd,81,15,48,15,
    a2,96,50,76,48,39,74,09,27,17,eb,74,9c,00,09,08,77,46,7e,86,88,76,72,53,f0,\
    "rkeysecu"=hex:ef,7f,77,8a,90,31,e3,fb,59,c4,a2,96,3e,2a,6d,7e
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    f:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Heure de fin: 2009-12-05 14:32
    ComboFix-quarantined-files.txt 2009-12-05 13:31
    ComboFix2.txt 2009-12-05 12:59
    ComboFix3.txt 2009-06-18 16:59

    Avant-CF: 219 486 617 600 octets libres
    Après-CF: 219 455 729 664 octets libres

    Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 605CB6A07A0A617EDA4E3D3194B2FCF4
    0