The first report, from my first PC
ComboFix 09-09-01.07 - Administrateur 03/09/2009 1:46.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.502.163 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AhnRpta.exe
c:\windows\Fonts\AcadEref.ttf
c:\windows\Installer\1c9aa9c.msi
c:\windows\Installer\3afb3fb.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-08-30 18:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 13:40 . 2009-08-11 13:42 -------- d-----w- C:\Luxor
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 17:47 . 2009-08-04 17:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Winamp Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 00:51 . 2009-04-11 07:25 673312 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-03 00:30 . 2009-04-11 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-03 00:30 . 2009-05-15 12:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 00:29 . 2009-04-11 07:25 66992 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-03 00:29 . 2009-04-11 07:25 447596 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-03 00:29 . 2009-04-11 07:25 33331232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-31 11:46 . 2008-11-14 18:09 -------- d--h--w- c:\documents and settings\Administrateur\Application Data\Skype
2009-08-31 11:36 . 2009-02-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-31 11:25 . 2008-11-14 18:10 -------- d--h--w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-08-05 09:00 . 2008-11-14 19:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:47 . 2009-06-04 19:41 -------- d--h--w- c:\documents and settings\Administrateur\Application Data\DMCache
2009-08-02 16:48 . 2009-07-27 17:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-07-27 18:34 . 2009-07-27 18:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CVitae
2009-07-27 18:07 . 2009-07-27 18:07 -------- d-----w- c:\program files\CVitae
2009-07-27 18:01 . 2009-07-27 18:01 -------- d-----w- c:\program files\Winamp Toolbar
2009-07-27 18:01 . 2009-07-27 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-07-27 17:50 . 2009-07-27 17:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-07-25 20:45 . 2008-11-14 18:09 -------- d-----w- c:\program files\Google
2009-07-25 20:24 . 2009-05-03 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 18:55 . 2009-06-04 19:41 -------- d--h--w- c:\documents and settings\Administrateur\Application Data\IDM
2009-07-25 18:01 . 2009-07-25 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-25 16:20 . 2009-03-07 19:20 -------- d-----w- c:\program files\Copernic Agent
2009-07-25 15:15 . 2008-11-14 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-17 19:03 . 2002-08-29 10:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-19 23:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 05:16 . 2009-07-11 05:16 -------- d-----w- c:\program files\VirginMega
2009-07-11 05:16 . 2009-01-08 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-11 02:57 . 2009-03-22 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-10 22:47 . 2009-02-12 06:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-10 22:47 . 2009-01-23 11:08 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-10 22:47 . 2008-11-14 19:08 -------- d-----w- c:\program files\Yahoo!
2009-07-10 22:47 . 2009-02-11 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-10 22:47 . 2009-01-25 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-10 22:47 . 2009-01-25 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-06 22:27 . 2009-03-09 21:27 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-03 16:57 . 2006-06-23 12:28 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:26 . 2002-08-29 10:44 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2002-08-29 10:44 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2002-08-29 10:44 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2002-08-29 10:44 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2001-10-02 18:19 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2001-10-02 18:18 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 07:29 . 2009-06-09 20:51 219128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-16 14:40 . 2001-10-02 18:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-02 18:17 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2002-08-29 10:45 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2002-08-29 10:45 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2002-08-29 10:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:21 . 2008-11-14 15:33 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2001-10-02 18:19 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 18:36 . 2008-11-19 20:38 111984 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 08:40 . 2001-10-02 18:18 82362 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-06 08:40 . 2001-10-02 18:18 504784 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-06 08:40 . 2009-03-07 18:52 46772 ----a-w- c:\windows\system32\perfc040.dat
2009-06-06 08:40 . 2009-03-07 18:52 364414 ----a-w- c:\windows\system32\perfh040.dat
.
------- Sigcheck -------
[-] 2004-08-19 23:09 978432 C2E06CB7CFB5DBD8767DDD5E2E18CF71 c:\windows\explorer.exe
[-] 2004-08-19 23:09 978432 C2E06CB7CFB5DBD8767DDD5E2E18CF71 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=e:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"e:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/05/2009 13:46 55152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 i740;i740;c:\windows\system32\drivers\i740nt5.sys [14/11/2008 18:49 58592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25/01/2009 19:05 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25/01/2009 19:05 8320]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [14/05/2009 12:58 604416]
S4 TwonkyMedia;TwonkyMedia;e:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> e:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-09-03 c:\windows\Tasks\GlaryInitialize.job
- e:\program files\Glary Utilities\initialize.exe [2009-07-11 15:55]
2009-09-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]
2009-09-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{CA89DF4F-3844-4345-9136-E07CDEB0050D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Télécharger avec IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - e:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - e:\program files\Internet Download Manager\IEGetAll.htm
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\puo45m0p.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage -
www.google.fr
FF - prefs.js: keyword.URL -
hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: e:\program files\realPlayer\Netscape6\nppl3260.dll
FF - plugin: e:\program files\realPlayer\Netscape6\nprjplug.dll
FF - plugin: e:\program files\realPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: browser.sessionstore.resume_from_crash - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-03 01:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-527237240-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,80,9d,bf,83,ed,0c,42,86,9e,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,29,a2,d8,0a,b3,b4,49,a7,f2,09,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48d7e568-a1c1-4f63-ba1a-ff9f4702e755}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cd
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,76,1b,d1,5f,f5,c8,2d,42,10,04,ea,ad,db,95,e9,5b,22,31,07,97,
52,e2,4e,21,84,72,76,dd,83,ac,5a,5a,d1,9f,9b,7f,f8,50,4e,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EE14E6F1-2126-B92D-85C1E367ED532B77}\{B41DACD9-CA91-C5AB-B721AF64407C4FEE}\{02A113E6-1FE6-618B-B5A2DF9FB3CCBD20}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\x2æwÿÿÿÿ_åwÿcÑw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\klogon.dll
.
Completion time: 2009-09-03 1:53
ComboFix-quarantined-files.txt 2009-09-03 00:53
Pre-Run: 34 373 279 744 octets libres
Post-Run: 34 360 397 824 octets libres
265 --- E O F --- 2009-09-02 21:10
The second report, from my second PC
ComboFix 09-09-01.07 - BRAHIMI 03/09/2009 3:35.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.33.1033.18.2037.1045 [GMT 2:00]
Running from: c:\users\BRAHIMI\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\windows\Fonts\AcadEref.ttf
c:\windows\Installer\110776d.msp
c:\windows\Installer\1107776.msp
c:\windows\Installer\110777f.msp
c:\windows\Installer\34f70a.msi
c:\windows\Installer\6b9e4b.msi
c:\windows\Installer\78342.msi
c:\windows\Installer\897bc.msp
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-09-03 01:40 . 2009-09-03 01:40 -------- d-----w- c:\users\BRAHIMI\AppData\Local\temp
2009-09-02 02:58 . 2009-09-02 02:58 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\Avira
2009-09-02 02:56 . 2009-09-02 02:55 28672 ---h--w- c:\users\BRAHIMI\mhi.exe
2009-09-02 02:45 . 2009-09-02 02:45 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\Template
2009-09-02 00:16 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 00:16 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 11:40 . 2009-09-01 11:40 -------- d-----w- c:\progra~2\Adobe Systems
2009-08-31 17:45 . 2009-08-31 18:15 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-31 17:45 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 17:45 . 2009-08-31 17:45 -------- d-----w- c:\progra~2\Avira
2009-08-31 17:45 . 2009-08-31 17:45 -------- d-----w- c:\program files\Avira
2009-08-31 15:09 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-27 14:54 . 2009-07-15 18:00 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-08-17 16:17 . 2009-08-17 16:21 -------- d-----w- c:\program files\CyberLink
2009-08-16 21:54 . 2009-08-31 14:03 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\dvdcss
2009-08-16 21:53 . 2009-08-16 21:54 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\vlc
2009-08-13 20:27 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 19:36 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 19:35 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 19:33 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-09 13:18 . 2009-08-09 13:18 -------- d-----w- c:\progra~2\eMule
2009-08-05 18:28 . 2009-08-05 18:28 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 01:11 . 2009-03-27 14:15 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-02 03:22 . 2009-03-26 20:03 -------- d-----w- c:\program files\Dell
2009-09-02 03:20 . 2009-03-26 20:04 -------- d-----w- c:\progra~2\Dell
2009-09-02 00:49 . 2009-04-01 02:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-31 17:40 . 2009-03-29 18:37 -------- d-----w- c:\progra~2\Kaspersky Lab
2009-08-30 17:40 . 2009-03-27 04:40 133424 ----a-w- c:\users\BRAHIMI\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 14:02 . 2009-04-20 04:24 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\Skype
2009-08-27 13:21 . 2009-04-06 19:27 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\skypePM
2009-08-17 16:21 . 2009-03-26 20:03 -------- d-----w- c:\progra~2\CyberLink
2009-08-17 16:17 . 2009-03-26 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 20:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 19:58 . 2009-03-27 19:07 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-09 11:22 . 2009-08-09 11:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-05 18:37 . 2009-03-29 15:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 18:28 . 2009-04-16 03:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 12:16 . 2009-07-15 22:06 -------- d-----w- c:\progra~2\Roxio
2009-07-23 13:33 . 2009-05-05 05:26 172032 ------w- c:\windows\Setup1.exe
2009-07-23 13:33 . 2009-05-05 05:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-21 21:52 . 2009-08-05 16:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-05 16:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-05 16:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-05 16:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 16:13 . 2009-07-18 16:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-18 16:13 . 2009-07-18 16:13 -------- d-----w- c:\program files\DellTPad
2009-07-18 14:40 . 2009-04-15 01:23 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\Dell
2009-07-18 09:09 . 2009-07-18 09:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 09:09 . 2009-07-15 22:12 -------- d-----w- c:\program files\Java
2009-07-15 22:15 . 2009-07-15 22:15 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\InstallShield
2009-07-15 22:12 . 2009-07-15 22:12 -------- d-----w- c:\program files\Common Files\Java
2009-07-15 22:06 . 2009-07-15 22:06 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\Roxio
2009-07-15 19:09 . 2009-07-15 19:09 -------- d-----w- c:\progra~2\Uninstall
2009-07-15 19:09 . 2009-07-15 19:09 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-15 19:08 . 2009-07-15 19:08 -------- d-----w- c:\progra~2\Sonic
2009-07-15 19:08 . 2009-07-15 19:08 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-15 19:08 . 2009-07-15 19:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-15 19:08 . 2009-04-01 02:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-15 18:15 . 2009-05-10 06:32 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-15 18:08 . 2009-07-15 18:09 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-07-15 18:08 . 2009-07-15 18:08 595456 ----a-w- c:\windows\system32\stapo.dll
2009-07-15 18:08 . 2009-07-15 18:08 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-07-15 18:08 . 2009-07-15 18:08 299520 ----a-w- c:\windows\system32\stapi32.dll
2009-07-15 18:08 . 2009-07-15 18:09 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2009-07-15 18:08 . 2009-07-15 18:09 647168 ----a-w- c:\windows\system32\aestecap.dll
2009-07-15 18:08 . 2009-07-15 18:09 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-07-15 18:08 . 2009-07-15 18:09 131072 ----a-w- c:\windows\system32\aestacap.dll
2009-07-15 18:08 . 2009-07-15 18:09 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-07-15 18:08 . 2009-05-15 19:30 146944 ----a-w- c:\windows\system32\staco.dll
2009-07-15 17:55 . 2009-03-27 17:21 -------- d-----w- c:\program files\Intel
2009-07-15 17:54 . 2009-07-15 17:54 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-07-15 17:54 . 2009-07-15 17:55 936472 ----a-w- c:\windows\system32\imsmudlg.exe
2009-07-15 17:54 . 2009-03-27 23:38 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-07-15 12:40 . 2009-08-13 19:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 19:37 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 19:37 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 19:37 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 18:06 . 2009-04-06 19:25 -------- d-----w- c:\program files\Google
2009-07-14 18:06 . 2009-03-27 19:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-14 18:05 . 2009-04-15 01:17 -------- dc-h--w- c:\progra~2\{65723BD7-8477-4ADF-8686-B75D0C3C0E4D}
2009-07-14 18:05 . 2009-04-14 05:02 -------- dc-h--w- c:\progra~2\{7AFFC3A8-183F-40D4-A968-735F60EC7C84}
2009-07-14 18:03 . 2009-07-14 18:03 -------- d-----w- c:\users\BRAHIMI\AppData\Roaming\GlarySoft
2009-06-15 23:15 . 2009-08-13 19:37 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 14:54 . 2009-08-13 19:37 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 14:53 . 2009-07-18 08:43 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:53 . 2009-08-13 19:37 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 14:53 . 2009-08-13 19:37 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 14:53 . 2009-08-13 19:37 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 14:52 . 2009-08-13 19:37 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 14:52 . 2009-07-18 08:43 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-08-13 19:37 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 14:52 . 2009-07-18 08:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-18 08:43 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:48 . 2009-08-13 19:37 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:42 . 2009-07-18 08:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-12 20:14 . 2009-03-27 04:40 6324 ----a-w- c:\users\BRAHIMI\AppData\Local\d3d9caps.dat
2009-03-27 04:58 . 2009-03-27 04:58 76 --sh--r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\users\BRAHIMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2002-08-26 10:17 49152 ----a-w- c:\windows\System32\LogonDll.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QLINK.lnk]
backup=c:\windows\pss\QLINK.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PMX Daemon"=ICO.EXE
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Apoint"=c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,df,35,d0,56,e3,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E93A13E-A559-4C8A-B2AF-3E79F3DD3CDF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AF2C97D8-AFC2-4C43-BFF8-D0A4D6CA7BEE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{5C60CA48-4D91-45C2-8CFF-A2F98CEE8493}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{6C2000B4-314F-4A7D-9998-7FCA92949E40}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{659A2866-323D-409C-A937-CB966FBF71FC}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{20481282-4E53-4DDB-B20D-F0C9E7E8F184}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 DepFrzHi;DepFrzHi;c:\windows\System32\drivers\DepFrzHi.sys [26/08/2002 12:16 12288]
R0 DepFrzLo;DepFrzLo;c:\windows\System32\drivers\DepFrzLo.sys [26/08/2002 12:15 52709]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe [09/05/2009 23:54 73728]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [31/08/2009 19:45 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/08/2009 19:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [31/08/2009 19:45 434945]
R2 DFServEx;DFServEx;c:\program files\HyperTechnologies\Deep Freeze\DFServEx.exe [26/08/2002 12:15 288256]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/04/2009 11:27 55280]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [07/02/2009 03:08 533360]
R2 SBSDWSCService;SBSD Security Center Service;f:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/04/2009 06:59 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [15/07/2009 20:00 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 17:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09/05/2009 23:58 7424]
S3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.SYS [27/03/2009 06:51 18432]
S3 pmxps2m;PMXPS2M;c:\windows\System32\drivers\pmxps2m.sys [27/03/2009 06:51 23360]
S3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [27/03/2009 06:51 19008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-03 c:\windows\Tasks\GlaryInitialize.job
- f:\program files\Glary Utilities\initialize.exe [2009-07-14 14:55]
2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{09684069-FF60-475B-A8EB-372CF7B3B651}.job
- c:\windows\system32\msfeedssync.exe [2009-08-05 20:13]
.
.
------- Supplementary Scan -------
.
IE: Consulter les dictionnaires (SYSTRAN) - f:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Traduire (SYSTRAN) - f:\program files\SYSTRAN\6\\GUIres.dll/translate.js
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\BRAHIMI\AppData\Roaming\Mozilla\Firefox\Profiles\x2hciz0k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: f:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\program files\DivX\DivX Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-03 03:40
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\BRAHIMI\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-03 3:42
ComboFix-quarantined-files.txt 2009-09-03 01:42
Pre-Run: 17 757 409 280 bytes free
Post-Run: 17 963 528 192 bytes free
285 --- E O F --- 2009-09-02 00:17