Infections detected, including a trojan
millefeuille
Posts: 28
Status: Member
dédétraqué - Posts: 4522 - Status: Security contributor
Hello,
I ran a scan; how can I rid my computer of the infections?
Thank you for your help.
Here is the malware report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/05/2010 03:09:36
mbam-log-2010-05-18 (03-09-36).txt
Scan type: Quick scan
Objects scanned: 104359
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\mssarph.mssarpbho (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\TypeLib\{76799619-cff6-44b2-8607-593d9324268f} (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{d3dc9dcf-b776-4ead-ab2f-f0c9c82afc91} (Adware.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mssarph.mssarpbho.1 (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{433AE4C6-62FF-4488-88F4-CB7ABE1E3AED} (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\mssarph.DLL (Adware.BHO) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\msvbah32.dll (Trojan.Vundo.H) -> Delete on reboot.
9 replies
Hi millefeuille
Download combofix.exe (by sUBs) to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important: disable your antivirus, antispyware and firewall before scanning with Combofix:
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
==> Save your work and close all open windows; the PC may restart. Do not launch any program until Combofix has finished. <==
Double-click combofix.exe, click YES and confirm with Enter.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Some antivirus programs detect Combofix as an infection; ignore this, it is a false positive, and continue the procedure.
See you later :)
It's OK, here is the report:
ComboFix 10-05-16.04 - Propriétaire 18/05/2010 11:18:36.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2045.1256 [GMT 2:00]
Lancé depuis: c:\documents and settings\MICHELE\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msVBah32.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-18 au 2010-05-18 ))))))))))))))))))))))))))))))))))))
.
2010-05-17 04:49 . 2010-03-26 08:33 1496064 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-17 04:49 . 2010-03-26 08:33 43008 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-17 04:49 . 2010-03-26 08:33 339456 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-17 04:49 . 2010-03-26 08:32 346112 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-29 04:08 . 2010-03-26 08:33 1496064 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-29 04:08 . 2010-03-26 08:33 43008 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-29 04:08 . 2010-03-26 08:33 339456 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-29 04:08 . 2010-03-26 08:32 346112 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-21 10:39 . 2010-04-21 10:39 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-21 10:38 . 2010-04-21 10:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 09:17 . 2010-03-10 16:46 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-05-18 08:52 . 2009-12-09 12:05 0 ----a-w- c:\documents and settings\Pascaline\Local Settings\Application Data\prvlcl.dat
2010-05-18 08:52 . 2009-11-24 19:13 0 ----a-w- c:\documents and settings\MICHELE\Local Settings\Application Data\prvlcl.dat
2010-05-18 01:04 . 2009-08-03 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 06:35 . 2009-12-13 16:18 -------- d-----w- c:\documents and settings\Pascaline\Application Data\DNA
2010-05-17 06:28 . 2009-08-29 20:02 1 ----a-w- c:\documents and settings\Pascaline\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 13:11 . 2009-12-28 10:22 1492 ----a-w- c:\documents and settings\Pascaline\Application Data\wklnhst.dat
2010-05-16 13:06 . 2010-03-03 18:36 -------- d-----w- c:\documents and settings\Pascaline\Application Data\vlc
2010-05-03 02:07 . 2009-11-16 10:28 17110 ----a-w- c:\documents and settings\MICHELE\Application Data\wklnhst.dat
2010-05-02 13:51 . 2010-03-25 11:57 -------- d-----w- c:\documents and settings\MICHELE\Application Data\vlc
2010-05-02 13:50 . 2009-07-25 17:42 -------- d-----w- c:\documents and settings\MICHELE\Application Data\dvdcss
2010-04-30 05:45 . 2009-07-22 11:15 1 ----a-w- c:\documents and settings\MICHELE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-29 13:39 . 2009-08-03 17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-03 17:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 10:39 . 2009-07-07 17:19 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 20:11 . 2009-07-21 20:49 -------- d-----w- c:\documents and settings\Pascaline\Application Data\dvdcss
2010-04-20 12:42 . 2009-08-11 10:06 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.2
2010-04-07 05:06 . 2010-04-07 05:06 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-07 05:03 . 2009-08-10 13:09 -------- d-----w- c:\program files\DNA
2010-04-06 19:06 . 2010-04-06 14:36 -------- d-----w- c:\documents and settings\MICHELE\Application Data\Skype
2010-04-05 09:09 . 2010-04-05 09:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 09:05 . 2010-04-05 09:04 -------- d-----r- c:\program files\Skype
2010-04-05 09:04 . 2010-04-05 09:04 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-04-05 09:04 . 2010-04-05 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-28 05:47 . 2008-04-14 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 05:47 . 2008-04-14 12:00 500454 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-27 14:48 . 2010-03-27 14:48 -------- d-----w- c:\program files\LimeWire
2010-03-17 05:16 . 2010-03-17 05:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 05:16 . 2009-07-07 17:19 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 05:16 . 2009-07-07 17:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 17:49 . 2010-03-10 17:49 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-10 17:49 . 2010-03-10 17:49 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-10 16:01 . 2010-03-10 16:01 59392 ----a-w- c:\windows\system32\msvbah64.dll
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{08554cca-509f-4139-b17b-225108a83865}"= "c:\program files\barrapc_fr\tbbarr.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{08554cca-509f-4139-b17b-225108a83865}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08554cca-509f-4139-b17b-225108a83865}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\barrapc_fr\tbbarr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{08554cca-509f-4139-b17b-225108a83865}"= "c:\program files\barrapc_fr\tbbarr.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{08554cca-509f-4139-b17b-225108a83865}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-15 323392]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-12-23 2642168]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-16 2772992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-19 180269]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Pascaline\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\MICHELE\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 05:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
Hi millefeuille
Your report is incomplete; use cjoint.com to post your report as a link:
https://www.cjoint.com/
- Click Browse to locate the report
- Click Open, then Create the Cjoint link
- Copy/paste the link shown after "The link has been created:" into your next reply.
If your report is larger than 500 KB, here:
https://www.filedropper.com/
http://ww38.toofiles.com/fr/
See you later :)
Good evening, and sorry for the delay...
The full report, I hope:
ComboFix 10-05-16.04 - Propriétaire 18/05/2010 11:18:36.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2045.1256 [GMT 2:00]
Lancé depuis: c:\documents and settings\MICHELE\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msVBah32.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-18 au 2010-05-18 ))))))))))))))))))))))))))))))))))))
.
2010-05-17 04:49 . 2010-03-26 08:33 1496064 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-17 04:49 . 2010-03-26 08:33 43008 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-17 04:49 . 2010-03-26 08:33 339456 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-17 04:49 . 2010-03-26 08:32 346112 ----a-w- c:\documents and settings\MICHELE\Application Data\Mozilla\Firefox\Profiles\rruvdk4l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-29 04:08 . 2010-03-26 08:33 1496064 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-29 04:08 . 2010-03-26 08:33 43008 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-29 04:08 . 2010-03-26 08:33 339456 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-29 04:08 . 2010-03-26 08:32 346112 ----a-w- c:\documents and settings\Pascaline\Application Data\Mozilla\Firefox\Profiles\xhx5fgfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-21 10:39 . 2010-04-21 10:39 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-21 10:38 . 2010-04-21 10:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 09:17 . 2010-03-10 16:46 -------- d-----w- c:\program files\Fichiers communs\Akamai
2010-05-18 08:52 . 2009-12-09 12:05 0 ----a-w- c:\documents and settings\Pascaline\Local Settings\Application Data\prvlcl.dat
2010-05-18 08:52 . 2009-11-24 19:13 0 ----a-w- c:\documents and settings\MICHELE\Local Settings\Application Data\prvlcl.dat
2010-05-18 01:04 . 2009-08-03 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 06:35 . 2009-12-13 16:18 -------- d-----w- c:\documents and settings\Pascaline\Application Data\DNA
2010-05-17 06:28 . 2009-08-29 20:02 1 ----a-w- c:\documents and settings\Pascaline\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 13:11 . 2009-12-28 10:22 1492 ----a-w- c:\documents and settings\Pascaline\Application Data\wklnhst.dat
2010-05-16 13:06 . 2010-03-03 18:36 -------- d-----w- c:\documents and settings\Pascaline\Application Data\vlc
2010-05-03 02:07 . 2009-11-16 10:28 17110 ----a-w- c:\documents and settings\MICHELE\Application Data\wklnhst.dat
2010-05-02 13:51 . 2010-03-25 11:57 -------- d-----w- c:\documents and settings\MICHELE\Application Data\vlc
2010-05-02 13:50 . 2009-07-25 17:42 -------- d-----w- c:\documents and settings\MICHELE\Application Data\dvdcss
2010-04-30 05:45 . 2009-07-22 11:15 1 ----a-w- c:\documents and settings\MICHELE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-29 13:39 . 2009-08-03 17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-03 17:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 10:39 . 2009-07-07 17:19 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 20:11 . 2009-07-21 20:49 -------- d-----w- c:\documents and settings\Pascaline\Application Data\dvdcss
2010-04-20 12:42 . 2009-08-11 10:06 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.2
2010-04-07 05:06 . 2010-04-07 05:06 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-07 05:03 . 2009-08-10 13:09 -------- d-----w- c:\program files\DNA
2010-04-06 19:06 . 2010-04-06 14:36 -------- d-----w- c:\documents and settings\MICHELE\Application Data\Skype
2010-04-05 09:09 . 2010-04-05 09:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 09:05 . 2010-04-05 09:04 -------- d-----r- c:\program files\Skype
2010-04-05 09:04 . 2010-04-05 09:04 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-04-05 09:04 . 2010-04-05 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-28 05:47 . 2008-04-14 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 05:47 . 2008-04-14 12:00 500454 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-27 14:48 . 2010-03-27 14:48 -------- d-----w- c:\program files\LimeWire
2010-03-17 05:16 . 2010-03-17 05:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 05:16 . 2009-07-07 17:19 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 05:16 . 2009-07-07 17:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 17:49 . 2010-03-10 17:49 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-10 17:49 . 2010-03-10 17:49 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-10 16:01 . 2010-03-10 16:01 59392 ----a-w- c:\windows\system32\msvbah64.dll
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{08554cca-509f-4139-b17b-225108a83865}"= "c:\program files\barrapc_fr\tbbarr.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{08554cca-509f-4139-b17b-225108a83865}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08554cca-509f-4139-b17b-225108a83865}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\barrapc_fr\tbbarr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{08554cca-509f-4139-b17b-225108a83865}"= "c:\program files\barrapc_fr\tbbarr.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{08554cca-509f-4139-b17b-225108a83865}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-15 323392]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-12-23 2642168]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-16 2772992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-19 180269]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Pascaline\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\MICHELE\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 05:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Pascaline\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\gPotato.eu\\Allods Online\\bin\\Launcher1.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/07/2009 19:19 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/07/2009 19:19 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 14:00 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/03/2010 07:16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 07:16 308064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [20/07/2009 15:38 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [20/07/2009 15:39 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [20/07/2009 15:39 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [20/07/2009 15:39 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [20/07/2009 15:39 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [20/07/2009 15:39 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [20/07/2009 15:39 97704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{89DF5E0E-24F6-48CD-A902-E558C7C8FA7A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mywebs.pro
mStart Page = hxxp://mywebs.pro
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\fnum8blr.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Battle for Wesnoth 1.8.0 - c:\documents and settings\Pascaline\Mes documents\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 11:21
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Heure de fin: 2010-05-18 11:22:22
ComboFix-quarantined-files.txt 2010-05-18 09:22
Avant-CF: 54 405 877 760 octets libres
Après-CF: 60 243 709 952 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - 8E3A1F2C1AD381DE052473E19E9E7443
Hi millefeuille
Scan the file msvbah64.dll here:
https://www.virustotal.com/gui/
Click Browse and copy/paste this:
c:\windows\system32\msvbah64.dll
Then click Send file and wait for the result of the analysis.
If it tells you the file has already been analysed, select the button:
Reanalyse the file now, then wait for the result of the analysis and post the full result.
Post the full result
Help: http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
See you later :)
Hello,
I tried several times to send the file and the answer is always the same
0 taille octets reçus / Se ha recibido des Nations Unies archivo vacio
??
Is this correct?
Thanks
Hi millefeuille
Download SystemLook to your Desktop:
http://jpshortstuff.247fixes.com/SystemLook.exe
- Double-click SystemLook.exe to launch it.
- Copy the content in bold below and paste it into the SystemLook text box:
:file
c:\windows\system32\msvbah64.dll
- Click the Look button to start the scan.
- When it finishes, Notepad opens with the result of the scan. Copy and paste the report into your next reply.
See you later :)
Hello,
it's done
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:58 on 25/05/2010 by Propriétaire (Administrator - Elevation successful)
No Context: c:\windows\system32\msvbah64.dll
-=End Of File=-
Hi millefeuille
Download Gmer and save it to your desktop.
http://www2.gmer.net/download.php
- Disconnect from the internet if possible and close all programs, then launch the tool.
- Click the "Scan" button on the right.
- When the scan is finished, click "Copy".
- Open Notepad and click the Edit menu / Paste
- The report should then appear.
- Save the file to your desktop and copy/paste its contents here.
See you later :)