Braviax and its friends...

Closed
houlalala - 24 August 2009 at 19:16
 houlalala - 27 August 2009 at 11:50
Hello,

for a few days now I've had the good fortune of having braviax and its little friends on my PC... despite reading many posts on the subject I can't manage to get rid of it on my own...
if a charitable soul could give me a little hand...
luckily I have two PCs side by side, only one of which knows the joys of braviax and co! I'm currently on the other one looking for the solution...
thanks in advance

for info, I tried with a whole bunch of anti-spyware tools and it didn't do anything (just a few hits, but braviax comes back! (malware, PC Tools Spyware Doctor, Spyware Terminator...)
and right now I'm running SDFix... to see...
I also downloaded HijackThis... but haven't dared use it for fear of doing something stupid...
finally, my antivirus is AntiVir, latest version....

thanks

34 replies

papyber Messages posted 6406 Registration date Saturday 24 March 2007 Status Security contributor Last post 3 October 2010 257
25 August 2009 at 19:16
Notice to other readers: this script was written specifically for this user; it would be dangerous to reuse it on your own computer!
/!\ Disable your antivirus / resident antispyware / Spybot's TeaTimer (if present)
Disabling resident protections - Tutorial
https://forum.pcastuces.com/default.asp
Select and copy (Ctrl+C) the text (in blue) below:
KillAll::
File::
c:\windows\ovewuhoz.dat
c:\windows\system32\ubemogosi.com
FCopy::
c:\windows\ServicePackFiles\i386\ntfs.sys | C:\windows\system32\drivers\ntfs.sys
c:\windows\$NtServicePackUninstall$\ntfs.sys | C:\windows\system32\dllcache\ntfs.sys
Collect::
C:\Qoobox\Quarantine


Open Notepad and paste (Ctrl+V) the text you just copied. (Notepad: Start > All Programs > Accessories > Notepad...)
Save this file under the name: CFScript.txt
As the image shows, drag CFScript.txt onto ComboFix.exe
http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif
A blue window will appear; at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times; that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will open: post its contents in your next message.
If the file doesn't open, you'll find it at -> C:\ComboFix.txt

1
papyber Messages posted 6406 Registration date Saturday 24 March 2007 Status Security contributor Last post 3 October 2010 257
24 August 2009 at 19:20
do you have a firewall other than the Windows one?
if not, install one as a priority and block TMP files that want internet access
then do this

If you agree, I recommend Online Armor Firewall Free

Download link:
http://www.tallemu.com/free-firewall-protection-software.html
(Click Download now (download.com) at the bottom left to download the installer for the free version)
Tutorials:
https://www.malekal.com/tutorial-online-armor-free/


Note: you can untick the Program Guard function, which is a kind of HIPS module and therefore a bit hard to understand


Download ComboFix.exe (by sUBs) to your desktop in the way described in the tutorial I'm giving you; it's important
https://forum.pcastuces.com/combofix___renommer_au_telechargement-f31s22.htm
follow the instructions and post the report you get
0
houlalala2001
24 August 2009 at 19:54
thanks for your quick response
my PC is normally connected to a hub that acts as a firewall... well, normally
I'm running ComboFix now, results in a few minutes...
0
houlalala2001
24 August 2009 at 20:15
ComboFix 09-08-23.01 - julie 24/08/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.87 [GMT 2:00]
Running from: c:\documents and settings\julie\Bureau\bibitte.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\oxokyk.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tezyl.dl
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\emMON.exe
c:\windows\Installer\13c379.msp
c:\windows\Installer\13c37a.msp
c:\windows\Installer\13c37b.msp
c:\windows\Installer\13c37c.msp
c:\windows\Installer\13c37d.msp
c:\windows\Installer\3b7d33.msp
c:\windows\Installer\3b7d34.msp
c:\windows\Installer\3b7d35.msp
c:\windows\Installer\3b7d36.msp
c:\windows\Installer\3b7d37.msp
c:\windows\Installer\3b7d38.msp
c:\windows\Installer\3b7d39.msp
c:\windows\Installer\3b7d3a.msp
c:\windows\Installer\3b7d3b.msp
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\Drivers\bfmn.sys
c:\windows\system32\mdm.exe
c:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 17:05 . 2009-08-24 17:05 579584 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-08-24 17:03 . 2009-08-24 17:03 -------- d-----w- c:\windows\ERUNT
2009-08-22 18:33 . 2009-08-22 18:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 18:33 . 2009-08-22 18:33 -------- d-----w- c:\program files\MSBuild
2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 18:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 18:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 18:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 18:31 . 2009-08-22 18:32 -------- d-----w- C:\f24615ca3c2e5b69549c0e
2009-08-22 18:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 18:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 18:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 18:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 18:31 . 2009-08-23 08:44 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-22 17:19 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\bsi18.exe
2009-08-22 15:50 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\jug16.exe
2009-08-22 14:21 . 2009-08-22 14:21 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2009-08-22 14:18 . 2009-08-22 14:49 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-22 14:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-22 14:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-22 14:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\program files\Avira
2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-22 14:16 . 2008-08-07 13:27 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-22 14:16 . 2008-08-07 13:27 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\documents and settings\julie\Application Data\Simply Super Software
2009-08-22 10:19 . 2009-08-24 17:43 117760 ----a-w- c:\documents and settings\julie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-22 10:12 . 2009-08-22 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-22 10:12 . 2009-08-22 10:12 -------- d-----w- c:\documents and settings\julie\Application Data\SUPERAntiSpyware.com
2009-08-22 10:06 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\bqk2C.exe
2009-08-22 09:58 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-22 09:58 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-22 09:58 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-22 09:58 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-22 09:58 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-22 09:57 . 2009-08-22 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-22 09:57 . 2009-08-22 13:49 -------- d-----w- c:\program files\Trojan Remover
2009-08-22 09:57 . 2009-08-22 09:57 -------- d-----w- c:\program files\Trend Micro
2009-08-22 07:12 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-22 07:12 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-22 07:12 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-22 07:12 . 2009-08-24 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 07:12 . 2009-08-22 07:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-08-22 07:12 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-22 07:11 . 2009-08-24 17:14 -------- d-----w- c:\program files\Spyware Doctor
2009-08-22 07:11 . 2009-08-22 07:11 -------- d-----w- c:\documents and settings\julie\Application Data\PC Tools
2009-08-22 07:11 . 2009-08-22 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\julie\Application Data\Malwarebytes
2009-08-03 21:33 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 21:33 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 16:09 . 2009-08-24 17:39 626336 ----a-w- c:\windows\system32\dllcache\ntfs.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 18:04 . 2009-06-10 20:38 -------- d-----w- c:\program files\pdfforge Toolbar
2009-08-24 17:42 . 2006-10-07 10:53 48648 ----a-w- c:\documents and settings\julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 17:39 . 2004-08-20 09:23 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-22 18:40 . 2004-08-20 09:24 564702 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 18:40 . 2004-08-20 09:24 108842 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-22 07:26 . 2008-09-13 08:56 -------- d-----w- c:\program files\Bonjour
2009-07-20 21:13 . 2007-12-26 22:12 -------- d-----w- c:\program files\TrackMania Nations ESWC
2009-07-10 11:54 . 2009-01-17 15:46 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-16 14:40 . 2004-08-20 09:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-20 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 20:07 . 2009-06-10 20:07 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2009-06-03 19:10 . 2004-08-20 09:24 1297408 ----a-w- c:\windows\system32\quartz.dll
1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
2006-10-08 12:27 . 2006-10-08 12:27 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-05 11:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-24 17:39 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-24 17:39 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-07-06 61440]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SDFix"="c:\sdfix\RunThis.bat" [2008-11-05 964661]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-4-6 46080]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut\\flatout.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 09:12 130936]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [02/10/2003 04:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27/09/2003 15:37 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/08/2009 16:18 108289]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 23:27 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 23:29 13568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [03/08/2009 23:33 38160]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [20/04/2009 21:46 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [20/04/2009 21:46 7680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/08/2009 09:11 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-01-20 c:\windows\Tasks\PMCS_Wakeup633680891563033113.job
- c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2007-12-23 21:48]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0060928
uInternet Settings,ProxyOverride = *.local
IE: SYSTRAN: &Effacer le cache de traduction - c:\program files\Systran\Premium\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Premium\menuConfigure.html
IE: SYSTRAN: &Traduire - c:\program files\Systran\Premium\menuTranslate.html
IE: SYSTRAN: En®istrement - c:\program files\Systran\Premium\menuRegister.html
IE: SYSTRAN: Rechercher les &mises à jour - c:\program files\Systran\Premium\menuUpdate.html
IE: SYSTRAN: Traduire les &cadres - c:\program files\Systran\Premium\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuUpdates.html
FF - ProfilePath - c:\documents and settings\julie\Application Data\Mozilla\Firefox\Profiles\ejhu05ya.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,66,a2,57,65,91,
2a,c4,29,2e,e8,e1,00,eb,16,2b,de,ac,d2,6f,f8,d9,f2,bc,4a,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7b,5d,b1,d1,ad,
4e,46,6c,46,47,15,b0,92,4b,c7,ef,37,f3,6c,b8,e8,f0,52,3d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,0a,c5,fb,0c,77,
35,77,ad,7a,45,05,fd,91,e8,6f,31,f0,e5,33,8d,e6,3e,e1,4a,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,77,2e,4d,1c,3d,
d3,aa,be,6b,65,49,6a,7e,99,74,f7,46,fe,41,ca,d1,22,66,37,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,02,3d,0f,61,78,
50,1b,2f,e9,02,6c,fa,fb,1d,47,57,5e,f6,60,b7,29,a1,55,97,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,f6,24,53,bb,
b8,0e,8d,50,93,e5,ab,ec,6a,4e,ab,d7,70,62,e7,a7,26,a4,f2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,56,35,29,31,ca,
4a,79,24,97,20,4e,9a,c7,f1,35,ee,f6,44,b9,96,7f,ca,38,c4,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,3c,98,86,b3,6b,
e5,e8,cc,aa,52,c6,00,84,3c,26,64,50,92,61,0c,7b,26,21,d6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c2,45,0e,f8,6a,
fb,b9,2c,b2,46,9a,e2,1b,fe,1b,94,85,61,c0,7a,c1,a1,b3,7e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,df,97,b2,ab,a9,
3d,c9,51,37,a4,aa,c3,a6,15,56,0a,da,04,73,3e,64,65,fb,4c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,aa,21,a9,dc,78,
77,12,0e,f8,31,0f,a9,5f,a0,ec,fb,d9,f4,ad,9e,aa,24,39,46,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,eb,ef,e0,d3,97,
17,e6,04,05,73,21,dd,54,d8,4a,c5,15,82,b3,3c,42,8e,3d,d5,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-24 20:11
ComboFix-quarantined-files.txt 2009-08-24 18:10

Pre-Run: 17 404 084 224 octets libres
Post-Run: 17 536 483 328 octets libres

350 --- E O F --- 2009-08-22 18:43
0

papyber Messages posted 6406 Registration date Saturday 24 March 2007 Status Security contributor Last post 3 October 2010 257
24 August 2009 at 20:31
let's continue
have these files checked on VirusTotal; careful, even if they're infected don't delete them, they are system files and you'd crash your PC irreparably; I just want to know whether they're clean or not, and if they're infected we'll repair them afterwards!
http://www.virustotal.com/en/indexf.html
c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
c:\windows\$NtServicePackUninstall$\ntfs.sys
c:\windows\$NtUninstallKB930916$\ntfs.sys
c:\windows\ServicePackFiles\i386\ntfs.sys
c:\windows\system32\dllcache\ntfs.sys
c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\dllcache\user32.dll
c:\windows\system32\xpsshhdr.dll
c:\windows\system32\dllcache\xpsshhdr.dll
c:\windows\system32\xpssvcs.dll
c:\windows\system32\dllcache\xpssvcs.dll
c:\windows\system32\drivers\beep.sys
c:\windows\system32\dllcache\beep.sys
0
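Added example (my own code, not from this thread, ComboFix or VirusTotal): a Python script that parses the Sigcheck section of the ComboFix log posted above and does mechanically what papyber does by eye. It takes the ServicePackFiles copy (the FCopy:: source in his script) as the reference, flags every live copy under system32 whose MD5 or size differs, and groups identical hashes so each distinct file only needs one VirusTotal submission. The sample text is copied from the log above; the bracketed markers are passed through as ComboFix prints them, without interpretation.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the "Sigcheck" section copied from the ComboFix
# log posted in this thread. Six copies of ntfs.sys, one line each.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-05 11:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-24 17:39 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-24 17:39 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys
"""

# One Sigcheck line: [marker] date time size MD5 path
SIG_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# The FCopy:: source papyber uses as the clean reference copy.
REFERENCE_MARKER = "\\servicepackfiles\\"
# The copies Windows actually loads, or restores from (System File Protection).
LIVE_LOCATIONS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")


@dataclass(frozen=True)
class SigEntry:
    flag: str   # marker exactly as ComboFix prints it, e.g. "-" or "7"
    stamp: str  # file timestamp as printed
    size: int   # bytes
    md5: str    # lower-case hex
    path: str   # lower-case; NTFS paths are case-insensitive


def parse_sigcheck(text: str) -> list[SigEntry]:
    """Parse every Sigcheck line found in the given log text."""
    entries = []
    for line in text.splitlines():
        m = SIG_LINE.match(line.strip())
        if not m:
            continue  # headings, blank lines, other sections
        entries.append(SigEntry(
            flag=m["flag"],
            stamp=m["stamp"],
            size=int(m["size"]),
            md5=m["md5"].lower(),
            path=m["path"].lower(),
        ))
    return entries


def reference_entry(entries: list[SigEntry]) -> SigEntry:
    """The copy kept under ServicePackFiles, i.e. the service pack's own ntfs.sys."""
    for e in entries:
        if REFERENCE_MARKER in e.path:
            return e
    raise ValueError("no ServicePackFiles copy in the Sigcheck section")


def find_suspect_copies(entries: list[SigEntry]) -> list[tuple[str, list[str]]]:
    """Live copies (drivers\\ or dllcache\\) whose hash or size differs from the reference.

    Backup copies under $hf_mig$ / $Nt...$ are older builds and are expected to
    differ, so they are not reported.
    """
    ref = reference_entry(entries)
    suspects = []
    for e in entries:
        if not any(loc in e.path for loc in LIVE_LOCATIONS):
            continue
        reasons = []
        if e.md5 != ref.md5:
            reasons.append(f"md5 {e.md5} != reference {ref.md5}")
        if e.size != ref.size:
            reasons.append(f"size {e.size} differs from reference {ref.size} "
                           f"by {e.size - ref.size:+d} bytes")
        if reasons:
            suspects.append((e.path, reasons))
    return suspects


def unique_hashes(entries: list[SigEntry]) -> dict[str, list[str]]:
    """Group paths by MD5 so each distinct file is submitted to VirusTotal once."""
    groups: dict[str, list[str]] = {}
    for e in entries:
        groups.setdefault(e.md5, []).append(e.path)
    return groups


if __name__ == "__main__":
    entries = parse_sigcheck(SIGCHECK_SAMPLE)
    for path, reasons in find_suspect_copies(entries):
        print(f"SUSPECT {path}")
        for r in reasons:
            print(f"    {r}")
    print("\nDistinct hashes to check on VirusTotal:")
    for md5, paths in unique_hashes(entries).items():
        print(f"  {md5}  ({len(paths)} copy/copies)")
```

On the sample above it reports both system32 copies (identical hash, 51360 bytes larger than the service-pack file) and five distinct hashes to look up.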
houlalala2001
24 August 2009 at 20:39
here's the first file:
analisis/0c8c8bcd891e410cf66665db99209b8f11ae995572cea740ec29377459cfbeeb-1243573984
0
papyber Messages posted 6406 Registration date Saturday 24 March 2007 Status Security contributor Last post 3 October 2010 257
24 August 2009 at 20:41
the report is incomplete, I can't see whether it's infected or not...
0
houlalala2001
24 August 2009 at 20:45
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.24 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.23 -
Avast 4.8.1335.0 2009.08.24 -
AVG 8.5.0.406 2009.08.24 -
BitDefender 7.2 2009.08.24 -
CAT-QuickHeal 10.00 2009.08.24 -
ClamAV 0.94.1 2009.08.24 -
Comodo 2079 2009.08.24 -
DrWeb 5.0.0.12182 2009.08.24 -
eSafe 7.0.17.0 2009.08.24 -
eTrust-Vet 31.6.6697 2009.08.24 -
F-Prot 4.4.4.56 2009.08.23 -
F-Secure 8.0.14470.0 2009.08.24 -
Fortinet 3.120.0.0 2009.08.24 -
GData 19 2009.08.24 -
Ikarus T3.1.1.68.0 2009.08.24 -
Jiangmin 11.0.800 2009.08.23 -
K7AntiVirus 7.10.826 2009.08.24 -
Kaspersky 7.0.0.125 2009.08.24 -
McAfee 5719 2009.08.24 -
McAfee+Artemis 5719 2009.08.24 -
McAfee-GW-Edition 6.8.5 2009.08.24 -
Microsoft 1.4903 2009.08.24 -
Norman 2009.08.24 -
nProtect 2009.1.8.0 2009.08.24 -
Panda 10.0.0.14 2009.08.24 -
PCTools 4.4.2.0 2009.08.24 -
Prevx 3.0 2009.08.24 -
Rising 21.43.62.00 2009.08.24 -
Sophos 4.44.0 2009.08.24 -
Sunbelt 3.2.1858.2 2009.08.24 -
Symantec 1.4.4.12 2009.08.24 -
TheHacker 6.3.4.3.386 2009.08.22 -
sorry, I'm pasting everything:

TrendMicro 8.950.0.1094 2009.08.24 -
VBA32 3.12.10.9 2009.08.24 -
ViRobot 2009.8.24.1899 2009.08.24 -
VirusBuster 4.6.5.0 2009.08.24 -
Information additionnelle
File size: 574976 bytes
MD5...: 05ab81909514bfd69cbb1f2c147cf6b9
SHA1..: b0675b0d3e62077d34db57045aabc070816f229c
SHA256: 0c8c8bcd891e410cf66665db99209b8f11ae995572cea740ec29377459cfbeeb
ssdeep: 12288:hRm2vSpqnu22TjDB1p3v1p0bCuTlu2o096mNom:78p+u2yd1p/HcCrru6m
No
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
0
papyber Messages posted 6406 Registration date Saturday 24 March 2007 Status Security contributor Last post 3 October 2010 257
24 August 2009 at 20:46
please give me the path of each file along with its report
for this one, which is clean, I think it's the first ntfs...
houlalala2001
24 August 2009 at 20:52
ok, sorry... so:

c:\windows\$NtServicePackUninstall$\ntfs.sys
MD5: 19a811ef5f1ed5c926a028ce107ff1af
First received: 2009.02.16 07:57:28 UTC
Date 2009.08.21 11:02:31 UTC [>3D]
Résultats 0/41
Permalink: analisis/97606850041de4e568188fb28aa3d5b10a4e96db9551a77bc3a17ed67d5d4474-1250852551

c:\windows\$NtUninstallKB930916$\ntfs.sys

MD5: b78be402c3f63dd55521f73876951cdd
First received: 2009.02.14 09:13:45 UTC
Date 2009.08.24 18:47:24 UTC [<1D]
Résultats 0/40
Permalink: analisis/020d75527b4814c544820d29ca064e94f2fcb7b1ba011d63e9d2bfd4cf91ba61-1251139644
houlalala2001
24 August 2009 at 20:58
next:

c:\windows\ServicePackFiles\i386\ntfs.sys

MD5: 19a811ef5f1ed5c926a028ce107ff1af
First received: 2009.02.16 07:57:28 UTC
Date 2009.08.21 11:02:31 UTC [>3D]
Résultats 0/41
Permalink: analisis/97606850041de4e568188fb28aa3d5b10a4e96db9551a77bc3a17ed67d5d4474-1250852551
houlalala2001
24 August 2009 at 21:10
c:\windows\system32\dllcache\ntfs.sys

this one is infected (according to AntiVir...):
Dans le fichier 'C:\WINDOWS\system32\dllcache\ntfs.sys'
un virus ou un programme indésirable 'RKIT/Kobcka.Patched.62633.6' [trojan] a été détecté.
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.24 Virus.Win32.Protector!IK
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.24 RKIT/Kobcka.Patched.62633.6
Antiy-AVL 2.0.3.7 2009.08.24 Virus/Win32.Protector
Authentium 5.1.2.4 2009.08.23 -
Avast 4.8.1335.0 2009.08.24 Win32:Cutwail-Y
AVG 8.5.0.406 2009.08.24 -
BitDefender 7.2 2009.08.24 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.24 W32.Protector.C
ClamAV 0.94.1 2009.08.24 -
Comodo 2083 2009.08.24 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.08.24 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.24 -
eTrust-Vet 31.6.6697 2009.08.24 -
F-Prot 4.4.4.56 2009.08.23 -
F-Secure 8.0.14470.0 2009.08.24 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.24 -
GData 19 2009.08.24 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.24 Virus.Win32.Protector
Jiangmin 11.0.800 2009.08.23 -
K7AntiVirus 7.10.826 2009.08.24 -
Kaspersky 7.0.0.125 2009.08.24 Virus.Win32.Protector.c
McAfee 5719 2009.08.24 Generic.dx!dxx
McAfee+Artemis 5719 2009.08.24 Generic.dx!dxx
McAfee-GW-Edition 6.8.5 2009.08.24 Heuristic.LooksLike.Rootkit.HareBot.J
Microsoft 1.4903 2009.08.24 Virus:Win32/Cutwail.G
NOD32 4364 2009.08.24 a variant of Win32/Kryptik.ABX
Norman 2009.08.24 -
nProtect 2009.1.8.0 2009.08.24 -
Panda 10.0.0.14 2009.08.24 Suspicious file
PCTools 4.4.2.0 2009.08.24 -
Prevx 3.0 2009.08.24 -
Rising 21.43.62.00 2009.08.24 -
Sophos 4.44.0 2009.08.24 Troj/NTFSKit-B
Sunbelt 3.2.1858.2 2009.08.24 -
Symantec 1.4.4.12 2009.08.24 -
TheHacker 6.3.4.3.386 2009.08.22 -
TrendMicro 8.950.0.1094 2009.08.24 -
VBA32 3.12.10.9 2009.08.24 -
ViRobot 2009.8.24.1899 2009.08.24 -
VirusBuster 4.6.5.0 2009.08.24 -
Information additionnelle
File size: 626336 bytes
MD5...: e86d39da8d7b1f24a79418c6650c0290
SHA1..: 161af84c767f84bc7ef9dd84a549b7409ac17ec5
SHA256: 4d33b0cee9a1dfd46afae438c6f6d05632ab32ddade198b536827f16977488e6
ssdeep: 12288:8uh1xqxz58/mV1OeoHli/Hk08Q3UlyGNdRWJ5K9QZ4eRA89UEPpDSQCX+7
COPNTG:LPlivk08Q3UlvNdR2Hy8KEBDSQ7COPNT
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


c:\windows\system32\drivers\ntfs.sys
Dans le fichier 'C:\WINDOWS\system32\drivers\ntfs.sys'
un virus ou un programme indésirable 'RKIT/Kobcka.Patched.62633.6' [trojan] a été détecté.
papyber (Posts: 6406, Registered: Saturday 24 March 2007, Status: Security contributor, Last activity: 3 October 2010) 257
24 August 2009 at 21:15
not too serious, we'll repair it
carry on
houlalala2001
24 August 2009 at 21:17
c:\windows\system32\drivers\ntfs.sys
http://www.virustotal.com/fr/analisis/4d33b0cee9a1dfd46afae438c6f6d05632ab32ddade198b536827f16977488e6-1251141599

c:\windows\system32\dllcache\user32.dll
http://www.virustotal.com/fr/analisis/f06da9ccea0f1fb5e9b1bf66b589f97b3b3e2cb557a58ba672c7b2a4ec9cb10e-1251141734

c:\windows\system32\xpsshhdr.dll
http://www.virustotal.com/fr/analisis/cb78f39219d6b17bc5da4115d83f6c8cfe0ccd7f532ec3febce7aa498e91d0d6-1251142029
houlalala2001
24 August 2009 at 21:27
continuing:
c:\windows\system32\xpsshhdr.dll
http://www.virustotal.com/fr/analisis/cb78f39219d6b17bc5da4115d83f6c8cfe0ccd7f532ec3febce7aa498e91d0d6-1251142029

c:\windows\system32\dllcache\xpsshhdr.dll
http://www.virustotal.com/fr/analisis/cb78f39219d6b17bc5da4115d83f6c8cfe0ccd7f532ec3febce7aa498e91d0d6-1251142172


c:\windows\system32\xpssvcs.dll
http://www.virustotal.com/fr/analisis/2f0f402c9073fd4faa888750bbbbc889ba74f457cc73f743faeba192f9058b02-1251142412

c:\windows\system32\dllcache\xpssvcs.dll
http://www.virustotal.com/fr/analisis/2f0f402c9073fd4faa888750bbbbc889ba74f457cc73f743faeba192f9058b02-1251142469

c:\windows\system32\drivers\beep.sys
http://www.virustotal.com/fr/analisis/5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d-1251142536

c:\windows\system32\dllcache\beep.sys
http://www.virustotal.com/fr/analisis/5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d-1251142685

and there you go... it doesn't look great!
papyber (Posts: 6406, Registered: Saturday 24 March 2007, Status: Security contributor, Last activity: 3 October 2010) 257
24 August 2009 at 21:46
follow this tutorial
https://forum.malekal.com/viewtopic.php?t=19657&start=
and use WinFileReplace to replace the files patched by the infection, as described in the tutorial

C:\windows\system32\drivers\ntfs.sys
C:\windows\system32\dllcache\ntfs.sys
post me the WinFileReplace report
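The check papyber walks the user through above (hash each copy of ntfs.sys, note which ones still match the service-pack backups, then replace the copies the infection patched) can be scripted locally. The following is an added example, not code from the thread and not WinFileReplace's own code: it hashes a protected system file in its live location, in the Windows File Protection cache (dllcache) and in the two service-pack backup folders, treats the backups as the trusted reference, and reports which live copies differ. The directory layout and file contents it builds are constructed sample data shaped like the thread's results (both backups identical, both live copies modified); the "no-reference" status covers a machine on which no service-pack backup exists.

```python
"""Audit the copies of a Windows protected system file against trusted backups.

Added example (not from the forum thread, not WinFileReplace's code). On
Windows XP a protected file such as ntfs.sys normally exists in four places:
the live copy, the Windows File Protection cache, and the service-pack backups.
A file-patching rootkit rewrites the live copy and the cache copy so that WFP
restores the patched version; the service-pack backups are usually untouched,
so their hash is the reference to compare against. The sample tree built by
write_sample_tree() is constructed data, not a real driver.
"""
import hashlib
import tempfile
from pathlib import Path

# Locations relative to the Windows directory (XP layout).
REFERENCE_LOCATIONS = [Path("ServicePackFiles") / "i386", Path("$NtServicePackUninstall$")]
LIVE_LOCATIONS = [Path("system32") / "drivers", Path("system32") / "dllcache"]


def file_digests(path: Path) -> dict:
    """MD5, SHA-256 and size of a file, hashed in 64 KiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(), "size": path.stat().st_size}


def audit_system_file(windir: Path, name: str) -> dict:
    """Hash every present copy of `name` under windir and classify it.

    Status per copy: "reference" for a service-pack backup, "clean" for a live
    copy whose SHA-256 matches a backup, "patched" for a live copy matching
    none, and "no-reference" when the machine has no backup to compare against
    (then the hash has to be checked against an external source instead).
    """
    report = {}
    for loc in REFERENCE_LOCATIONS:
        p = windir / loc / name
        if p.is_file():
            report[f"{loc.as_posix()}/{name}"] = dict(file_digests(p), status="reference")
    trusted = {d["sha256"] for d in report.values()}
    for loc in LIVE_LOCATIONS:
        p = windir / loc / name
        if not p.is_file():
            continue  # a missing live copy is reported by its absence, not as an error
        d = file_digests(p)
        if not trusted:
            d["status"] = "no-reference"
        else:
            d["status"] = "clean" if d["sha256"] in trusted else "patched"
        report[f"{loc.as_posix()}/{name}"] = d
    return report


def patched_copies(report: dict) -> list:
    """Paths that must be replaced from a trusted copy, in sorted order."""
    return sorted(p for p, d in report.items() if d["status"] == "patched")


def write_sample_tree(windir: Path, include_reference: bool = True) -> Path:
    """Constructed sample: two identical clean backups and two live copies with
    sixteen bytes overwritten, the shape of a patched driver. Synthetic content."""
    clean = b"MZ" + bytes(range(256)) * 16       # stand-in for a clean ntfs.sys (4098 bytes)
    patched = bytearray(clean)
    patched[0x200:0x210] = b"\x90" * 16           # simulated patch inside the code section
    copies = {loc: bytes(patched) for loc in LIVE_LOCATIONS}
    if include_reference:
        copies.update({loc: clean for loc in REFERENCE_LOCATIONS})
    for loc, data in copies.items():
        target = windir / loc / "ntfs.sys"
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return windir


def demo(include_reference: bool = True) -> dict:
    """Build the sample tree in a temporary directory and audit ntfs.sys."""
    with tempfile.TemporaryDirectory() as tmp:
        windir = write_sample_tree(Path(tmp) / "windows", include_reference)
        return audit_system_file(windir, "ntfs.sys")


if __name__ == "__main__":
    for path, d in demo().items():
        print(f"{d['status']:12} {d['md5']}  {d['size']:>7}  {path}")
```

Two things the output shows that a single VirusTotal lookup does not: the two live copies agreeing with each other is meaningless, because the infection patches both so that File Protection restores its own version from dllcache, and a machine with no service-pack backup gives "no-reference" rather than a false "clean", which is exactly the situation in which a replacement tool reports that the file does not exist and a known-good copy has to come from installation media or a trusted second machine.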
houlalala2001
25 August 2009 at 13:02
hello

last night WinFileReplace didn't replace the files, saying they don't exist on SP3... and it didn't produce a report either...
today I've just switched the PC on and Spybot and AntiVir are finding braviax, fraudo... and all their friends...
what should I do please
I'm available for another half hour, then this evening from 6 pm

thanks
papyber (Posts: 6406, Registered: Saturday 24 March 2007, Status: Security contributor, Last activity: 3 October 2010) 257
25 August 2009 at 14:50
the infection has restarted... since the patched files weren't replaced...
which version of XP do you have? do you have SP3?
we'll try another way
delete your renamed copy of combofix
download it again, renaming it as I told you earlier
run it and scan your PC, then post the report you get.
houlalala2001
25 August 2009 at 18:44
ComboFix 09-08-24.06 - julie 25/08/2009 18:24.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.269 [GMT 2:00]
Running from: c:\documents and settings\julie\Bureau\bebette.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\birasiru.sys
c:\documents and settings\All Users\Application Data\omar.dl
c:\documents and settings\All Users\Application Data\wyhiso.bat
c:\documents and settings\All Users\Documents\anyj.exe
c:\documents and settings\All Users\Documents\nogixi.reg
c:\documents and settings\LocalService\Local Settings\Application Data\azypyzyfini.bat
c:\documents and settings\LocalService\Local Settings\Application Data\danexy.vbs
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\lizaquwelu.com
c:\program files\Fichiers communs\okotemesor.exe
c:\program files\Fichiers communs\opoqowenox._dl
c:\program files\Fichiers communs\xarimolugy.pif
c:\windows\cuvire.bin
c:\windows\idekilo.inf
c:\windows\muxaryju.reg
c:\windows\pican.inf
c:\windows\system32\braviax.exe
c:\windows\system32\codewe.dll
c:\windows\system32\fehucyw.inf
c:\windows\system32\ilunarek.inf
c:\windows\system32\itasef.sys
c:\windows\veso.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 11:41 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-24 21:13 . 2009-08-24 21:13 -------- d-----w- C:\FR-files
2009-08-24 20:17 . 2009-08-24 20:17 1924440 ----a-w- c:\documents and settings\julie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-24 20:06 . 2009-08-24 21:15 -------- d-----w- C:\WinFileReplace
2009-08-24 17:48 . 2009-08-24 17:48 14600 ----a-w- c:\windows\ovewuhoz.dat
2009-08-24 17:48 . 2009-08-24 17:48 12074 ----a-w- c:\windows\system32\ubemogosi.com
2009-08-24 17:05 . 2009-08-24 17:05 579584 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-08-24 17:03 . 2009-08-24 17:03 -------- d-----w- c:\windows\ERUNT
2009-08-22 18:33 . 2009-08-22 18:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 18:33 . 2009-08-22 18:33 -------- d-----w- c:\program files\MSBuild
2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 18:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 18:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 18:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 18:31 . 2009-08-22 18:32 -------- d-----w- C:\f24615ca3c2e5b69549c0e
2009-08-22 18:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 18:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 18:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 18:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 18:31 . 2009-08-23 08:44 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-22 17:19 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\bsi18.exe
2009-08-22 15:50 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\jug16.exe
2009-08-22 14:21 . 2009-08-22 14:21 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2009-08-22 14:18 . 2009-08-22 14:49 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-22 14:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-22 14:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-22 14:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\program files\Avira
2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-22 14:16 . 2008-08-07 13:27 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-22 14:16 . 2008-08-07 13:27 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-22 13:49 . 2009-08-22 13:49 -------- d-----w- c:\documents and settings\julie\Application Data\Simply Super Software
2009-08-22 10:19 . 2009-08-25 16:12 117760 ----a-w- c:\documents and settings\julie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-22 10:12 . 2009-08-22 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-22 10:12 . 2009-08-22 10:12 -------- d-----w- c:\documents and settings\julie\Application Data\SUPERAntiSpyware.com
2009-08-22 10:06 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\julie\Application Data\Simply Super Software\Trojan Remover\bqk2C.exe
2009-08-22 09:58 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-22 09:58 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-22 09:58 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-22 09:58 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-22 09:58 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-22 09:57 . 2009-08-22 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-22 09:57 . 2009-08-22 13:49 -------- d-----w- c:\program files\Trojan Remover
2009-08-22 09:57 . 2009-08-22 09:57 -------- d-----w- c:\program files\Trend Micro
2009-08-22 07:12 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-22 07:12 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-22 07:12 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-22 07:12 . 2009-08-24 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 07:12 . 2009-08-22 07:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-08-22 07:12 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-22 07:11 . 2009-08-24 17:14 -------- d-----w- c:\program files\Spyware Doctor
2009-08-22 07:11 . 2009-08-22 07:11 -------- d-----w- c:\documents and settings\julie\Application Data\PC Tools
2009-08-22 07:11 . 2009-08-22 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\julie\Application Data\Malwarebytes
2009-08-03 21:33 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 21:33 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 21:33 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 18:04 . 2009-06-10 20:38 -------- d-----w- c:\program files\pdfforge Toolbar
2009-08-24 17:48 . 2009-08-24 17:48 12563 ----a-w- c:\documents and settings\LocalService\Application Data\ifum.dat
2009-08-24 17:42 . 2006-10-07 10:53 48648 ----a-w- c:\documents and settings\julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 18:40 . 2004-08-20 09:24 564702 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 18:40 . 2004-08-20 09:24 108842 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-22 07:26 . 2008-09-13 08:56 -------- d-----w- c:\program files\Bonjour
2009-08-05 09:00 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 21:13 . 2007-12-26 22:12 -------- d-----w- c:\program files\TrackMania Nations ESWC
2009-07-17 19:03 . 2004-08-20 09:23 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-20 09:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:54 . 2009-01-17 15:46 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-29 15:57 . 2004-08-20 09:24 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-20 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-20 09:23 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2004-08-20 09:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-20 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-20 09:24 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 20:07 . 2009-06-10 20:07 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2009-06-10 14:14 . 2004-08-20 09:23 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-20 09:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-20 09:24 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-20 09:24 1297408 ----a-w- c:\windows\system32\quartz.dll
1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
2006-10-08 12:27 . 2006-10-08 12:27 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-24_18.05.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 16:11 . 2009-08-25 16:11 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
- 2004-08-20 09:24 . 2009-04-29 04:45 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-20 09:24 . 2009-06-29 15:57 44544 c:\windows\system32\pngfilt.dll
+ 2007-08-13 17:54 . 2009-06-29 15:57 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 17:54 . 2009-04-29 04:45 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 27648 c:\windows\system32\jsproxy.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 17:39 . 2009-04-28 09:06 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-20 09:23 . 2009-06-29 15:57 44544 c:\windows\system32\iernonce.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 44544 c:\windows\system32\iernonce.dll
- 2004-08-20 09:23 . 2009-04-28 09:06 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-20 09:23 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2009-06-29 15:57 63488 c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2009-04-29 04:45 63488 c:\windows\system32\icardie.dll
+ 2009-06-15 10:44 . 2009-06-15 10:44 78848 c:\windows\system32\dllcache\telnet.exe
+ 2006-09-28 14:23 . 2009-06-29 15:57 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-12-23 17:55 . 2009-06-29 15:57 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-12-23 17:55 . 2009-04-29 04:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-12-23 17:55 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-12-23 17:55 . 2009-04-28 09:06 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 17:39 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39 . 2009-06-29 15:57 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 17:10 . 2009-06-29 15:57 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 17:10 . 2009-04-29 04:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 17:39 . 2009-04-28 09:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-12-23 17:55 . 2009-06-29 15:57 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-12-23 17:55 . 2009-04-29 04:45 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-29 15:57 . 2009-06-29 15:57 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-08-25 11:57 . 2009-04-28 09:06 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-08-25 11:57 . 2009-04-29 04:45 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-08-25 11:57 . 2009-04-28 09:06 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-08-25 11:57 . 2009-04-29 04:45 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-08-25 11:57 . 2008-04-14 02:33 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2004-08-20 09:24 . 2009-06-29 15:57 233472 c:\windows\system32\webcheck.dll
- 2004-08-20 09:24 . 2009-04-29 04:45 233472 c:\windows\system32\webcheck.dll
- 2004-08-20 09:24 . 2009-04-29 04:45 105984 c:\windows\system32\url.dll
+ 2004-08-20 09:24 . 2009-06-29 15:57 105984 c:\windows\system32\url.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 102912 c:\windows\system32\occache.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 102912 c:\windows\system32\occache.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 671232 c:\windows\system32\mstime.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 671232 c:\windows\system32\mstime.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 193024 c:\windows\system32\msrating.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 193024 c:\windows\system32\msrating.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2009-04-29 04:45 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2009-06-29 15:57 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:34 . 2009-04-29 04:45 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 17:34 . 2009-06-29 15:57 268288 c:\windows\system32\iertutil.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2009-06-29 15:57 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-20 09:23 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2004-08-20 09:23 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 230400 c:\windows\system32\ieaksie.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 153088 c:\windows\system32\ieakeng.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 153088 c:\windows\system32\ieakeng.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 133120 c:\windows\system32\extmgr.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 133120 c:\windows\system32\extmgr.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-20 09:23 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
+ 2009-07-13 21:43 . 2009-07-13 21:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 827392 c:\windows\system32\dllcache\wininet.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 827392 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 17:54 . 2009-06-29 15:57 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 17:54 . 2009-04-29 04:45 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 17:44 . 2009-04-29 04:45 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 17:44 . 2009-06-29 15:57 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 17:44 . 2009-06-29 15:57 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 17:44 . 2009-04-29 04:45 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-20 09:23 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\ntfs.sys
+ 2006-09-28 14:23 . 2009-06-29 15:57 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-12-23 17:55 . 2009-06-29 15:57 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-12-23 17:55 . 2009-04-29 04:45 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 17:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2007-12-23 17:55 . 2009-04-29 04:45 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-12-23 17:55 . 2009-06-29 15:57 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 17:39 . 2009-06-29 15:57 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 17:39 . 2009-04-29 04:45 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-12-23 17:55 . 2009-06-29 15:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-08-13 16:56 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 16:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39 . 2009-06-29 15:57 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 17:39 . 2009-04-29 04:45 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 17:39 . 2009-06-29 15:57 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 17:39 . 2009-04-29 04:45 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-09-28 14:23 . 2009-06-29 15:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:39 . 2009-06-29 15:57 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 17:39 . 2009-04-29 04:45 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-20 09:23 . 2009-06-29 15:57 124928 c:\windows\system32\advpack.dll
- 2004-08-20 09:23 . 2009-04-29 04:45 124928 c:\windows\system32\advpack.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-08-25 11:57 . 2009-05-26 11:40 406392 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-08-25 11:57 . 2008-07-08 13:03 234872 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-08-25 11:57 . 2009-04-29 04:45 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-08-25 11:57 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-08-25 11:57 . 2009-04-29 04:45 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-08-25 11:57 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
- 2004-08-20 09:24 . 2009-04-29 04:45 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-20 09:24 . 2009-06-29 15:57 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-20 09:23 . 2009-07-19 13:29 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2009-07-19 13:29 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 15:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2006-09-28 14:23 . 2009-06-29 15:57 1159680 c:\windows\system32\dllcache\urlmon.dll
- 2006-09-28 14:23 . 2009-04-29 04:45 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-10 07:21 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2006-05-19 07:09 . 2009-07-19 13:29 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-12-23 17:55 . 2009-07-19 13:29 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-12-23 17:55 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-08-25 11:57 . 2009-04-29 04:45 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-08-25 11:57 . 2009-04-29 04:45 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-08-25 11:57 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2004-08-20 09:24 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll
+ 2007-12-23 17:39 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-13 21:43 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-07-06 61440]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-4-6 46080]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut\\flatout.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 09:12 130936]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [02/10/2003 04:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27/09/2003 15:37 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/08/2009 16:18 108289]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 23:27 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 23:29 13568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [20/04/2009 21:46 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [20/04/2009 21:46 7680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/08/2009 09:11 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-01-20 c:\windows\Tasks\PMCS_Wakeup633680891563033113.job
- c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2007-12-23 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0060928
uInternet Settings,ProxyOverride = *.local
IE: SYSTRAN: &Effacer le cache de traduction - c:\program files\Systran\Premium\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Premium\menuConfigure.html
IE: SYSTRAN: &Traduire - c:\program files\Systran\Premium\menuTranslate.html
IE: SYSTRAN: En&registrement - c:\program files\Systran\Premium\menuRegister.html
IE: SYSTRAN: Rechercher les &mises à jour - c:\program files\Systran\Premium\menuUpdate.html
IE: SYSTRAN: Traduire les &cadres - c:\program files\Systran\Premium\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuUpdates.html
FF - ProfilePath - c:\documents and settings\julie\Application Data\Mozilla\Firefox\Profiles\ejhu05ya.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 18:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-25 18:36
ComboFix-quarantined-files.txt 2009-08-25 16:36
ComboFix2.txt 2009-08-24 18:11

Pre-Run: 16 855 916 544 octets libres
Post-Run: 16 824 737 792 octets libres

472 --- E O F --- 2009-08-25 11:58
houlalala2001
25 August 2009 at 18:46
There you go... and yes, I do have SP3.