I can't get rid of it, I keep getting Trojan horse attacks
Solved
dbourgeo (70 posts, Member)
Hello everyone,
For a few days now my antivirus, ESET Smart Security NOD32, has been showing me a message every 5 minutes, non-stop, saying that it is blocking a Trojan horse attack.
I tried cleaning with Spybot, Malwarebytes and HijackThis, but nothing works.
I get the feeling there is a file installed on my PC that is inviting the attackers in.
I'm giving up because it is getting painful, so if you can help me, thank you.
Regards, Daniel
72 replies
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for these files:
c:\docume~1\Dany\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\drivers\Imapi.sys
Click Send File.
A report will be built line by line.
Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.
Paste it into your reply.
If you can't find the file, then
show all files and folders:
To do so:
Click Start / Control Panel / Folder Options / View
Check "Show hidden files and folders"
Uncheck "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click Apply to validate the changes.
And OK
File Iadhide4.dll
Fichier 0c0368b82472699af66dacd091fef4fa reçu le 2010.04.14 14:10:58 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
AntiVir 7.10.6.76 2010.04.14 -
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.14 -
Avast5 5.0.332.0 2010.04.14 -
AVG 9.0.0.787 2010.04.14 -
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 -
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4596 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.14 -
eTrust-Vet 35.2.7425 2010.04.14 -
F-Prot 4.5.1.85 2010.04.13 -
F-Secure 9.0.15370.0 2010.04.14 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 -
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 -
McAfee-GW-Edition 6.8.5 2010.04.14 -
Microsoft 1.5605 2010.04.14 -
NOD32 5028 2010.04.14 -
Norman 6.04.11 2010.04.14 -
nProtect 2010-04-14.01 2010.04.14 -
Panda 10.0.2.7 2010.04.13 -
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.04 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
Sunbelt 6175 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 -
TheHacker 6.5.2.0.261 2010.04.14 -
TrendMicro 9.120.0.1004 2010.04.14 -
VBA32 3.12.12.4 2010.04.14 -
ViRobot 2010.4.14.2276 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.13 -
Information additionnelle
File size: 24576 bytes
MD5 : 0c0368b82472699af66dacd091fef4fa
SHA1 : 3ab11609fe1f75ee5bb318d076dfd5221f33949e
SHA256: b0f74882718dbf1817bdbfb66a88326e3364bfe4c1d1f25999882d82a909790a
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10FB
timedatestamp.....: 0x3F2FB8B2 (Tue Aug 5 16:01:22 2003)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xB9C 0x1000 4.95 5739572a7c23ee09799c36f593da6f09
.rdata 0x2000 0x510 0x1000 2.12 facafcfd13631650bd8f492cc8629d68
.data 0x3000 0x364 0x1000 0.67 fccf61d889d1b9bffe95e885e7f9550a
.rsrc 0x4000 0x478 0x1000 1.15 b53f1632b81d342262aa96fcf98b896a
.reloc 0x5000 0x1EE 0x1000 1.04 82d97348bc6cd93543351ab96db3fe7e
( 3 imports )
> advapi32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA
> kernel32.dll: GetCommandLineA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, lstrcpynA, lstrlenA, DisableThreadLibraryCalls, CloseHandle, GetLastError, CreateEventA, SetEvent, GetModuleFileNameA, OpenEventA, GlobalAddAtomA, GetCurrentProcessId, GlobalDeleteAtom, GetTickCount, lstrcmpiA, WaitForSingleObject
> user32.dll: CallNextHookEx, UnhookWindowsHookEx, LoadStringA, SetWindowsHookExA, IsWindow, RegisterWindowMessageA, PostMessageA, wsprintfA
( 1 exports )
> GetLastEventTime, GetNKeys, SetEventNow, StartTrapping, StopTrapping, VerifyTrapping, _MyCBTProc@12, _MyKeyboardProc@12, _MyMouseProc@12, __DllMainCRTStartup@12
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: https://www.symantec.com?md5=0c0368b82472699af66dacd091fef4fa
ssdeep: 192:WPxgoNoxLJdZYoB5XCr4ilrz1jt/u0F88ji0kl:WP2i0nBdCr4u1jtDF882P
sigcheck: publisher....: BackWeb
copyright....: (c)2001 BackWeb Technologies.
product......: BackWeb IAdHide
description..: IAdHide
original name: IAdHide.dll
internal name: IAdHide
file version.: Version 6.1.4 (Build 68R)
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
File Imapi.sys
Fichier imapi.sys reçu le 2010.04.24 17:55:30 (UTC)
Situation actuelle: terminé
Résultat: 0/39 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.24 -
AhnLab-V3 5.0.0.2 2010.04.24 -
AntiVir 8.2.1.224 2010.04.23 -
Antiy-AVL 2.0.3.7 2010.04.23 -
Authentium 5.2.0.5 2010.04.24 -
Avast 4.8.1351.0 2010.04.24 -
Avast5 5.0.332.0 2010.04.24 -
AVG 9.0.0.787 2010.04.24 -
BitDefender 7.2 2010.04.24 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.24 -
Comodo 4676 2010.04.24 -
DrWeb 5.0.2.03300 2010.04.24 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7448 2010.04.24 -
F-Prot 4.5.1.85 2010.04.24 -
F-Secure 9.0.15370.0 2010.04.24 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.24 -
Ikarus T3.1.1.80.0 2010.04.24 -
Jiangmin 13.0.900 2010.04.24 -
Kaspersky 7.0.0.125 2010.04.24 -
McAfee-GW-Edition 6.8.5 2010.04.23 -
Microsoft 1.5703 2010.04.24 -
NOD32 5057 2010.04.24 -
Norman 6.04.11 2010.04.24 -
nProtect 2010-04-24.01 2010.04.24 -
Panda 10.0.2.7 2010.04.24 -
PCTools 7.0.3.5 2010.04.24 -
Prevx 3.0 2010.04.24 -
Rising 22.44.05.04 2010.04.24 -
Sophos 4.53.0 2010.04.24 -
Sunbelt 6217 2010.04.24 -
Symantec 20091.2.0.41 2010.04.24 -
TheHacker 6.5.2.0.268 2010.04.23 -
TrendMicro 9.120.0.1004 2010.04.24 -
VBA32 3.12.12.4 2010.04.23 -
ViRobot 2010.4.24.2293 2010.04.24 -
VirusBuster 5.0.27.0 2010.04.24 -
Information additionnelle
File size: 42112 bytes
MD5 : 083a052659f5310dd8b6a6cb05edcf8e
SHA1 : 11a1c247e82b8deb69bfa852259caf9793ef0aee
SHA256: 48d39b03ffb6faa1529b774443ba12618ae3982d9f65a7b9d18f2269f78b31f4
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x8AFB
timedatestamp.....: 0x480253B9 (Sun Apr 13 20:40:57 2008)
machinetype.......: 0x14C (Intel I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x2E10 0x2E80 6.21 62ccafd161a46a2033af0e2f8a821703
.rdata 0x3180 0x944 0x980 4.64 1650a10579166ceb06e890fe6e9b9e55
.data 0x3B00 0xA0 0x100 2.60 b77b7dc9cc33d390bb794b90862dbf38
PAGE 0x3C00 0x4CA4 0x4D00 6.28 548e00a65bd96595b13b89eeb9dd7f42
INIT 0x8900 0x98E 0xA00 5.74 55109560740e8202a570a2958620e5d9
.rsrc 0x9300 0x3D8 0x400 3.35 68b16ae21ac47ac899e8bc7d63b83c82
.reloc 0x9700 0xD1C 0xD80 6.47 7e8b29e28a5e53a9011786f9ab9b572a
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:M9q2RDELaZX62oL2/41jCENG618J8spVXjcx8itNVBgARvYlebRO4hL5nDzzc128:D2RUaJx0Jmy1EpFuvIItOKD81jIEOx
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IMAPI Kernel Driver
original name: IMAPI.sys
internal name: IMAPI.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch
RDS : NSRL Reference Data Set
-
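A small parser for the VirusTotal text reports pasted above (IadHide4.dll and Imapi.sys), added here as an example and not part of the thread: it pulls the detection ratio, hashes, PE imports/exports and sigcheck fields out of that report layout and lists the points a helper would look at (hook APIs, unsigned binary). The embedded sample is a constructed excerpt of the IadHide4.dll report with only three engine rows; the function and field names are my own.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed excerpt in the layout of the old VirusTotal text report pasted in
# the thread (values taken from the IadHide4.dll report, trimmed to three
# engine rows so the sample stays short).
SAMPLE_REPORT = """\
Fichier 0c0368b82472699af66dacd091fef4fa reçu le 2010.04.14 14:10:58 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.14 -
Kaspersky 7.0.0.125 2010.04.14 -
NOD32 5028 2010.04.14 -
Information additionnelle
File size: 24576 bytes
MD5 : 0c0368b82472699af66dacd091fef4fa
SHA1 : 3ab11609fe1f75ee5bb318d076dfd5221f33949e
SHA256: b0f74882718dbf1817bdbfb66a88326e3364bfe4c1d1f25999882d82a909790a
( 3 imports )
> advapi32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegOpenKeyExA
> kernel32.dll: GetCommandLineA, MapViewOfFile, CreateFileMappingA
> user32.dll: CallNextHookEx, UnhookWindowsHookEx, LoadStringA, SetWindowsHookExA
( 1 exports )
> GetLastEventTime, GetNKeys, StartTrapping, _MyKeyboardProc@12, _MyMouseProc@12
sigcheck: publisher....: BackWeb
verified.....: Unsigned
"""

# user32 APIs through which a DLL installs system-wide keyboard/mouse hooks
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx"}
SIGCHECK_RE = re.compile(r"(?:sigcheck:\s*)?(publisher|verified|signers)\.*:\s*(.*)$")
HASH_RE = re.compile(r"(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)$")


def parse_vt_report(text: str) -> Dict[str, Any]:
    """Extract ratio, per-engine verdicts, hashes, PE imports/exports and
    sigcheck fields from the legacy VirusTotal text report layout."""
    report: Dict[str, Any] = {
        "ratio": None, "engines": {}, "hashes": {},
        "imports": {}, "exports": [], "sigcheck": {},
    }
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Résultat:\s*(\d+)/(\d+)", line)
        if m:
            report["ratio"] = (int(m.group(1)), int(m.group(2)))
        elif line.startswith("Antivirus Version"):
            section = "engines"            # table of engine rows follows
        elif line.startswith("Information additionnelle"):
            section = None
        elif re.match(r"\(\s*\d+ imports\s*\)", line):
            section = "imports"
        elif re.match(r"\(\s*\d+ exports\s*\)", line):
            section = "exports"
        elif (m := HASH_RE.match(line)):
            report["hashes"][m.group(1)] = m.group(2).lower()
        elif (m := SIGCHECK_RE.match(line)):
            report["sigcheck"][m.group(1)] = m.group(2).strip()
        elif section == "engines":
            # "<engine> <version> <yyyy.mm.dd> <verdict>", "-" meaning no detection
            tokens = line.split()
            if len(tokens) >= 4 and re.fullmatch(r"\d{4}\.\d{2}\.\d{2}", tokens[-2]):
                verdict = tokens[-1]
                report["engines"][tokens[0]] = None if verdict == "-" else verdict
        elif section == "imports" and line.startswith("> ") and ".dll:" in line:
            dll, funcs = line[2:].split(":", 1)
            report["imports"][dll.strip()] = [f.strip() for f in funcs.split(",") if f.strip()]
        elif section == "exports" and line.startswith("> "):
            report["exports"] = [f.strip() for f in line[2:].split(",") if f.strip()]
    return report


def triage(report: Dict[str, Any]) -> List[str]:
    """Turn the parsed report into the observations a helper would raise."""
    notes: List[str] = []
    detected, total = report["ratio"] or (0, 0)
    flagged = {e: v for e, v in report["engines"].items() if v}
    notes.append(f"{detected}/{total} engines flagged the file"
                 + (": " + ", ".join(f"{e}={v}" for e, v in flagged.items()) if flagged else ""))
    hooks = set(report["imports"].get("user32.dll", [])) & HOOK_APIS
    if hooks:
        notes.append("imports Windows hook APIs (" + ", ".join(sorted(hooks)) + ")")
    procs = [e for e in report["exports"] if re.search(r"Keyboard|Mouse|CBT", e)]
    if procs:
        notes.append("exports hook procedures: " + ", ".join(procs))
    sig = report["sigcheck"]
    if sig.get("verified", "").lower() == "unsigned":
        notes.append(f"unsigned binary; publisher string '{sig.get('publisher', '?')}' is not verified")
    return notes


if __name__ == "__main__":
    for note in triage(parse_vt_report(SAMPLE_REPORT)):
        print("-", note)
```

A 0/N ratio only says no engine had a signature on that day; the import and signature notes are what tell you whether the file deserves a closer look.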
/!\ WARNING /!\ The script below was written specifically for dbourgeo; it must not be applied to another computer!
Create a new Notepad file on your desktop and name it CFScript
Copy this text into it and save it
KillAll::
Netsvc::
tqavcdyu
SkipFix::
* Disable your protection software
* Drag and drop this CFScript.txt file onto Combofix.exe (as in the following link)
http://apu.mabul.org/up/apu/2008/09/06/ ... 35my8h.gif
* Wait while the scan runs. The desktop will disappear several times: that is normal! Don't touch anything until the scan has finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt
Part 1
ComboFix 10-04-21.01 - Dany 25/04/2010 18:20:13.7.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1505 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dany\Mes documents\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Dany\Bureau\CFScript.txt
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Internet Security v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
- Mode FONCTIONNALITES REDUITES -
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000
c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000\desktop.ini
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000\desktop.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-25 au 2010-04-25 ))))))))))))))))))))))))))))))))))))
.
2010-04-25 12:36 . 2010-04-25 12:36 -------- d-----w- c:\program files\WOT
2010-04-25 12:07 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 11:54 . 2010-04-25 11:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-25 11:10 . 2010-04-25 11:10 -------- d-----w- C:\DVR111D
2010-04-25 10:46 . 2010-04-25 10:46 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-04-24 06:01 . 2001-08-17 19:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2010-04-24 06:00 . 2004-08-03 20:32 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2010-04-24 06:00 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-04-24 06:00 . 2001-08-23 15:46 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-04-24 06:00 . 2001-08-23 15:46 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2010-04-24 06:00 . 2001-08-23 15:46 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-04-24 06:00 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-04-24 06:00 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-04-24 06:00 . 2008-04-13 18:46 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-04-24 06:00 . 2001-08-23 15:46 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-04-24 06:00 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-04-24 06:00 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-04-24 06:00 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-04-24 06:00 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-04-22 18:56 . 2010-04-25 12:27 -------- d-----w- c:\program files\ZHPDiag
2010-04-22 16:36 . 2010-04-22 18:20 -------- d-----w- C:\Kill'em
2010-04-22 11:05 . 2010-04-25 12:00 -------- d-----w- c:\program files\trend micro
2010-04-22 09:46 . 2010-04-22 09:46 -------- d-----w- c:\program files\ESET
2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\program files\TomTom International B.V
2010-04-18 09:23 . 2010-04-18 09:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-18 07:46 . 2010-04-18 07:46 -------- d-----w- c:\program files\Microsoft.NET
2010-04-18 07:43 . 2010-04-18 07:43 -------- d-----w- c:\windows\SHELLNEW
2010-04-18 07:42 . 2010-04-18 07:42 -------- d-----r- C:\MSOCache
2010-04-17 21:46 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-17 19:27 . 2010-04-17 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 19:16 . 2010-04-17 19:16 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Logishrd
2010-04-17 19:10 . 2010-04-17 19:11 -------- d-----w- c:\documents and settings\Dany\Application Data\Logishrd
2010-04-16 18:00 . 2010-04-16 18:00 -------- d-----w- c:\program files\TrendMicro
2010-04-14 05:15 . 2010-04-14 05:53 -------- d-----w- c:\program files\Trojan Killer
2010-04-12 23:11 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-12 11:57 . 2010-04-12 19:51 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Google
2010-04-12 10:37 . 2010-04-12 10:37 699904 ----a-w- c:\windows\is-5NVC6.exe
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 14:30 . 2010-04-02 14:30 -------- d-----w- c:\program files\DIFX
2010-04-02 14:30 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 12:08 . 2007-03-22 16:36 -------- d-----w- c:\program files\Java
2010-04-25 12:07 . 2007-03-22 16:36 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-25 12:07 . 2010-04-25 12:07 503808 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\msvcp71.dll
2010-04-25 12:07 . 2010-04-25 12:07 499712 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\jmc.dll
2010-04-25 12:07 . 2010-04-25 12:07 348160 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\msvcr71.dll
2010-04-25 12:07 . 2010-04-25 12:07 61440 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34f28c45-n\decora-sse.dll
2010-04-25 12:07 . 2010-04-25 12:07 12800 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34f28c45-n\decora-d3d.dll
2010-04-25 11:56 . 2004-08-05 12:00 99178 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-25 11:56 . 2004-08-05 12:00 546120 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-25 11:03 . 2009-03-07 14:21 -------- d-----w- c:\documents and settings\Dany\Application Data\WeatherWatcher
2010-04-23 10:31 . 2007-03-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-23 06:07 . 2010-02-02 19:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-22 20:21 . 2010-02-20 21:16 -------- d-----w- c:\documents and settings\Dany\Application Data\vlc
2010-04-22 08:54 . 2007-03-20 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 11:07 . 2010-04-21 11:07 388096 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-21 09:01 . 2010-04-13 12:26 193872 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
2010-04-21 09:01 . 2010-04-13 12:26 1000784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
2010-04-19 16:58 . 2007-03-19 16:56 58136 ----a-w- c:\documents and settings\Dany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 16:43 . 2007-03-20 13:02 117248 ----a-w- c:\windows\system32\drivers\SSIDRV.sys
2010-04-19 16:39 . 2007-03-21 13:35 -------- d-----w- c:\program files\TechniSat DVB
2010-04-19 16:39 . 2007-03-19 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:38 . 2007-03-19 16:12 -------- d-----w- c:\program files\Smartione
2010-04-19 16:37 . 2009-09-26 15:12 -------- d-----w- c:\program files\ProgFinder
2010-04-19 16:36 . 2009-08-12 11:06 -------- d-----w- c:\program files\Panda Security
2010-04-19 16:34 . 2007-03-21 13:35 -------- d-----w- c:\program files\DVBViewerTE
2010-04-19 16:22 . 2007-04-05 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-19 15:46 . 2009-09-19 17:52 4945232 ----a-w- c:\documents and settings\Dany\Application Data\TomTom\HOME\Profiles\w3c08jqu.default\extensions\Navcore.8.413.1237@tomtom.com\8-413-1237-1.dll
2010-04-17 21:47 . 2010-04-17 19:17 53248 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-17 21:47 . 2007-12-10 07:36 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2010-04-17 19:15 . 2007-03-19 14:55 -------- d-----w- c:\program files\Logitech
2010-04-17 19:14 . 2007-03-19 14:55 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-04-15 15:49 . 2009-02-08 07:42 -------- d-----w- c:\program files\Google
2010-04-12 10:40 . 2008-10-01 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 10:37 . 2008-10-01 13:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 07:29 . 2007-04-30 20:15 -------- d-----w- c:\program files\BitTorrent_DNA
2010-04-12 05:34 . 2010-03-19 10:27 3757392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-04-12 05:34 . 2010-03-19 10:27 259408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-04-12 05:33 . 2010-03-19 10:27 226640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-04-12 05:33 . 2010-03-19 10:27 390480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-04-12 05:33 . 2010-03-19 10:27 173392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-04-12 05:33 . 2010-03-19 10:27 296272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-04-12 05:33 . 2010-03-19 10:27 345424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-04-12 05:33 . 2010-03-19 10:27 177488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-04-12 05:33 . 2010-03-19 10:27 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-04-09 09:29 . 2010-03-19 10:27 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-09 09:29 . 2010-03-19 10:27 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-08 10:10 . 2007-05-18 12:30 -------- d-----w- c:\program files\FastStone Capture
2010-04-02 14:42 . 2008-06-18 10:05 335 -c--a-w- c:\windows\nsreg.dat
2010-03-29 22:46 . 2008-10-01 13:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-10-01 13:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 19:36 . 2007-03-20 12:36 -------- d-----w- c:\program files\CCleaner
2010-03-20 16:00 . 2007-06-23 13:34 -------- d-----w- c:\documents and settings\Dany\Application Data\Canon
2010-03-19 10:27 . 2010-03-19 10:27 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 13:51 . 2008-12-19 06:37 -------- d-----w- c:\documents and settings\Dany\Application Data\dvdcss
2010-03-03 09:23 . 2007-03-19 15:54 -------- d-----w- c:\program files\IZArc
2010-02-25 20:47 . 2007-03-19 16:26 -------- d-----w- c:\documents and settings\Dany\Application Data\HARVEST S.A
2010-02-25 20:46 . 2010-02-25 20:46 -------- d-----w- c:\program files\ClickImpots plus SCI 2010
2010-02-25 18:11 . 2007-05-04 20:42 -------- d-----w- c:\program files\AM-DeadLink
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-24 22:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-19 10:16 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-19 10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-02-01 09:44 . 2010-02-01 09:44 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-09 15:07 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-09 15:07 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-11-18 1081344]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-06-07 20480]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2004-08-25 151552]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-02-27 09:24 159744 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Dany^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 22:46 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\system32\PrintDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/03/2010 12:27 64288]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [26/03/2007 16:26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [26/03/2007 16:26 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:07 114984]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 5632]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [20/02/2007 15:02 32256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07/04/2010 21:07 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2008 15:10 303952]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [16/11/2009 14:52 77824]
R2 RegServ;RegServ;c:\windows\SRNTService.exe [12/11/2009 12:14 69632]
R2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [02/11/2009 10:32 762112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2008 15:10 20824]
S2 gupdate1c989c0d9b3d5dc;Google Update Service (gupdate1c989c0d9b3d5dc);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 09:42 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [05/08/2004 14:00 3584]
S2 tqavcdyu;Logitech AEC Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1265264]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [19/03/2007 17:32 15104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2007 19:37 717296]
.
Contenu du dossier 'Tâches planifiées'
2010-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:29]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]
2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{B4010896-F085-4E90-8706-E2D3865DFB9B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
ComboFix 10-04-21.01 - Dany 25/04/2010 18:20:13.7.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1505 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dany\Mes documents\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Dany\Bureau\CFScript.txt
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Internet Security v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
- Mode FONCTIONNALITES REDUITES -
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000
c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000\desktop.ini
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000\desktop.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-25 au 2010-04-25 ))))))))))))))))))))))))))))))))))))
.
2010-04-25 12:36 . 2010-04-25 12:36 -------- d-----w- c:\program files\WOT
2010-04-25 12:07 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 11:54 . 2010-04-25 11:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-25 11:10 . 2010-04-25 11:10 -------- d-----w- C:\DVR111D
2010-04-25 10:46 . 2010-04-25 10:46 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-04-24 06:01 . 2001-08-17 19:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2010-04-24 06:00 . 2004-08-03 20:32 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2010-04-24 06:00 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-04-24 06:00 . 2001-08-23 15:46 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-04-24 06:00 . 2001-08-23 15:46 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2010-04-24 06:00 . 2001-08-23 15:46 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-04-24 06:00 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-04-24 06:00 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-04-24 06:00 . 2008-04-13 18:46 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-04-24 06:00 . 2001-08-23 15:46 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-04-24 06:00 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-04-24 06:00 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-04-24 06:00 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-04-24 06:00 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-04-22 18:56 . 2010-04-25 12:27 -------- d-----w- c:\program files\ZHPDiag
2010-04-22 16:36 . 2010-04-22 18:20 -------- d-----w- C:\Kill'em
2010-04-22 11:05 . 2010-04-25 12:00 -------- d-----w- c:\program files\trend micro
2010-04-22 09:46 . 2010-04-22 09:46 -------- d-----w- c:\program files\ESET
2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\program files\TomTom International B.V
2010-04-18 09:23 . 2010-04-18 09:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-18 07:46 . 2010-04-18 07:46 -------- d-----w- c:\program files\Microsoft.NET
2010-04-18 07:43 . 2010-04-18 07:43 -------- d-----w- c:\windows\SHELLNEW
2010-04-18 07:42 . 2010-04-18 07:42 -------- d-----r- C:\MSOCache
2010-04-17 21:46 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-17 19:27 . 2010-04-17 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 19:16 . 2010-04-17 19:16 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Logishrd
2010-04-17 19:10 . 2010-04-17 19:11 -------- d-----w- c:\documents and settings\Dany\Application Data\Logishrd
2010-04-16 18:00 . 2010-04-16 18:00 -------- d-----w- c:\program files\TrendMicro
2010-04-14 05:15 . 2010-04-14 05:53 -------- d-----w- c:\program files\Trojan Killer
2010-04-12 23:11 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-12 11:57 . 2010-04-12 19:51 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Google
2010-04-12 10:37 . 2010-04-12 10:37 699904 ----a-w- c:\windows\is-5NVC6.exe
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 14:30 . 2010-04-02 14:30 -------- d-----w- c:\program files\DIFX
2010-04-02 14:30 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 12:08 . 2007-03-22 16:36 -------- d-----w- c:\program files\Java
2010-04-25 12:07 . 2007-03-22 16:36 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-25 12:07 . 2010-04-25 12:07 503808 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\msvcp71.dll
2010-04-25 12:07 . 2010-04-25 12:07 499712 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\jmc.dll
2010-04-25 12:07 . 2010-04-25 12:07 348160 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-593b904a-n\msvcr71.dll
2010-04-25 12:07 . 2010-04-25 12:07 61440 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34f28c45-n\decora-sse.dll
2010-04-25 12:07 . 2010-04-25 12:07 12800 ----a-w- c:\documents and settings\Dany\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34f28c45-n\decora-d3d.dll
2010-04-25 11:56 . 2004-08-05 12:00 99178 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-25 11:56 . 2004-08-05 12:00 546120 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-25 11:03 . 2009-03-07 14:21 -------- d-----w- c:\documents and settings\Dany\Application Data\WeatherWatcher
2010-04-23 10:31 . 2007-03-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-23 06:07 . 2010-02-02 19:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-22 20:21 . 2010-02-20 21:16 -------- d-----w- c:\documents and settings\Dany\Application Data\vlc
2010-04-22 08:54 . 2007-03-20 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 11:07 . 2010-04-21 11:07 388096 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-21 09:01 . 2010-04-13 12:26 193872 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
2010-04-21 09:01 . 2010-04-13 12:26 1000784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
2010-04-19 16:58 . 2007-03-19 16:56 58136 ----a-w- c:\documents and settings\Dany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 16:43 . 2007-03-20 13:02 117248 ----a-w- c:\windows\system32\drivers\SSIDRV.sys
2010-04-19 16:39 . 2007-03-21 13:35 -------- d-----w- c:\program files\TechniSat DVB
2010-04-19 16:39 . 2007-03-19 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:38 . 2007-03-19 16:12 -------- d-----w- c:\program files\Smartione
2010-04-19 16:37 . 2009-09-26 15:12 -------- d-----w- c:\program files\ProgFinder
2010-04-19 16:36 . 2009-08-12 11:06 -------- d-----w- c:\program files\Panda Security
2010-04-19 16:34 . 2007-03-21 13:35 -------- d-----w- c:\program files\DVBViewerTE
2010-04-19 16:22 . 2007-04-05 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-19 15:46 . 2009-09-19 17:52 4945232 ----a-w- c:\documents and settings\Dany\Application Data\TomTom\HOME\Profiles\w3c08jqu.default\extensions\Navcore.8.413.1237@tomtom.com\8-413-1237-1.dll
2010-04-17 21:47 . 2010-04-17 19:17 53248 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-17 21:47 . 2007-12-10 07:36 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2010-04-17 19:15 . 2007-03-19 14:55 -------- d-----w- c:\program files\Logitech
2010-04-17 19:14 . 2007-03-19 14:55 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-04-15 15:49 . 2009-02-08 07:42 -------- d-----w- c:\program files\Google
2010-04-12 10:40 . 2008-10-01 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 10:37 . 2008-10-01 13:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 07:29 . 2007-04-30 20:15 -------- d-----w- c:\program files\BitTorrent_DNA
2010-04-12 05:34 . 2010-03-19 10:27 3757392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-04-12 05:34 . 2010-03-19 10:27 259408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-04-12 05:33 . 2010-03-19 10:27 226640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-04-12 05:33 . 2010-03-19 10:27 390480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-04-12 05:33 . 2010-03-19 10:27 173392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-04-12 05:33 . 2010-03-19 10:27 296272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-04-12 05:33 . 2010-03-19 10:27 345424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-04-12 05:33 . 2010-03-19 10:27 177488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-04-12 05:33 . 2010-03-19 10:27 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-04-09 09:29 . 2010-03-19 10:27 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-09 09:29 . 2010-03-19 10:27 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-08 10:10 . 2007-05-18 12:30 -------- d-----w- c:\program files\FastStone Capture
2010-04-02 14:42 . 2008-06-18 10:05 335 -c--a-w- c:\windows\nsreg.dat
2010-03-29 22:46 . 2008-10-01 13:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-10-01 13:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 19:36 . 2007-03-20 12:36 -------- d-----w- c:\program files\CCleaner
2010-03-20 16:00 . 2007-06-23 13:34 -------- d-----w- c:\documents and settings\Dany\Application Data\Canon
2010-03-19 10:27 . 2010-03-19 10:27 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 13:51 . 2008-12-19 06:37 -------- d-----w- c:\documents and settings\Dany\Application Data\dvdcss
2010-03-03 09:23 . 2007-03-19 15:54 -------- d-----w- c:\program files\IZArc
2010-02-25 20:47 . 2007-03-19 16:26 -------- d-----w- c:\documents and settings\Dany\Application Data\HARVEST S.A
2010-02-25 20:46 . 2010-02-25 20:46 -------- d-----w- c:\program files\ClickImpots plus SCI 2010
2010-02-25 18:11 . 2007-05-04 20:42 -------- d-----w- c:\program files\AM-DeadLink
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-24 22:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-19 10:16 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-19 10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-02-01 09:44 . 2010-02-01 09:44 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-09 15:07 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-09 15:07 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-11-18 1081344]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-06-07 20480]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2004-08-25 151552]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-02-27 09:24 159744 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Dany^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 22:46 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\system32\PrintDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/03/2010 12:27 64288]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [26/03/2007 16:26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [26/03/2007 16:26 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:07 114984]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 5632]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [20/02/2007 15:02 32256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07/04/2010 21:07 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2008 15:10 303952]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [16/11/2009 14:52 77824]
R2 RegServ;RegServ;c:\windows\SRNTService.exe [12/11/2009 12:14 69632]
R2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [02/11/2009 10:32 762112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2008 15:10 20824]
S2 gupdate1c989c0d9b3d5dc;Google Update Service (gupdate1c989c0d9b3d5dc);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 09:42 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [05/08/2004 14:00 3584]
S2 tqavcdyu;Logitech AEC Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1265264]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [19/03/2007 17:32 15104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2007 19:37 717296]
.
Contenu du dossier 'Tâches planifiées'
2010-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:29]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]
2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{B4010896-F085-4E90-8706-E2D3865DFB9B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
Part 2
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.my.yahoo.com/
uInternet Settings,ProxyOverride = localhost
IE: Ajouter au fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: secuser.com\www
TCP: {9E9D081D-EAA5-4C2C-ABA7-6BA4EE5C7653} = 212.27.54.252,213.228.0.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
FF - ProfilePath - c:\documents and settings\Dany\Application Data\Mozilla\Firefox\Profiles\6ndeje8e.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.my.yahoo.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\xp\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-RSRWin.exe - c:\windows\RSRWin.exe
HKU-Default-Run-RSRWin.exe - c:\windows\RSRWin.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 18:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A017AF56-B493-BA8F-B78A-ABAC1F958DAB}*]
"faigafmkfagb"=hex:6d,62,6e,67,67,6a,6f,63,66,6b,62,6b,67,6a,6f,6d,6d,62,61,6b,
64,65,65,69,6a,69,6b,6b,63,6f,63,6a,6f,6a,66,6d,68,62,6e,70,68,68,65,66,64,\
"gajeimeomgllde"=hex:63,61,6b,66,66,68,00,00
"gaiennfajdkfje"=hex:63,61,6b,66,66,68,00,00
[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,8a,a1,d3,ea,6c,33,6c,1a,e7,0d,94,b3,e1,f4,f7,96,79,6f,5e,d5,25,6e,
08,a3,e8,1e,f3,1a,70,7e,89,36,32,94,d1,a6,5a,6b,3e,40,01,54,44,f7,21,de,8b,\
"??"=hex:6b,17,e5,79,7b,28,33,4c,05,ba,2a,9e,a9,42,7d,26
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000040c
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{B91B907B-3542-4DDB-84FA-55EDE3F13969}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.40.10"
"UniqueId"="0007876D4BD01B15"
"ScannerBuild"=dword:00001aeb
"ScannerVersionId"=dword:00001390
"ScannerVersion"="Open window for status."
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
- - - - - - - > 'explorer.exe'(696)
c:\docume~1\Dany\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IoctlSvc.exe
e:\xp\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Heure de fin: 2010-04-25 18:32:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-25 16:32
Avant-CF: 27 596 144 640 octets libres
Après-CF: 27 577 458 688 octets libres
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 49C85426B13AA34E1D23478D033C92F4