Liens ANG apparait sur MSN

Bonjour tout le monde,

alors voilà, depuis quelque jours, lorsque je me connect via msn, mes contact me dise recevoir un message en anglais suivi d'un lien...hier j'ai meme eut droit à ma propre fenetre, cad que j'etais connecter sous mon adresse, mon blaze, et en ligne...alors que je suis hors ligne par default.

Voici les messages en question (ATTETION NE PAS CLIQUé DESSUS )

Ever since Derek and I seen those Acai pills on Cnn and Oprah we have been taking them and losing so much weight so fast with no diets or excercise , we are living proof that it works like magic and they are only five dollars now to try from EDITION MODERATEUR : pas-de-lien-dangereux

Wanna lose a lot of weight without diets or excercise? Kathy and I have both lost over 31 pounds in a couple weeks just by taking Acai tablets daily, the same ones that Oprah talked about on her show. They are only five dollars to try, We get them from EDITION MODERATEUR : pas-de-lien-dangereux

J'ai antivir, comodo, a², spybot, ccleaner...scan de tous rien y fait.

Je viens de faire le début de la procédure de GENpro (a savoir le scan) il me dit ceci a la fin :

GenProc n'a détecté aucune infection caractéristique et suggère de

suivre la procédure suivante :


Poste un rapport Nod32 http://www.eset-nod32.fr/scanner.html (il faut

utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle

le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt


Avant de continué toute autre chose , j'aimerais etre suivi, aidé, par vos soins.

Merci d'avance pour votre aide.

Désolé pour le post du rapport, je voulais juste être plus précis et indiqué où j'en étais...

Salut bzsfirefly


On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

Les rapports sont dans le dossier ici C:\rsit


@++

Bonjour Dédétraqué, et merci pour ta réponse. Désolé en passant pour les liens dangereux, merci de les avoir radiés.

Voici donc les rapports en question :

Log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brezusama at 2009-03-22 12:02:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 64 GB (70%) free of 92 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:52, on 22/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brezusama\Desktop\RSIT.exe
C:\Users\Brezusama\Desktop\GenProc\outil\Brezusama.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\DropMyRights\PrivBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 10638 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723732237-2200155508-288485982-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{38AE886A-3ABD-4FB8-A768-B3BAD98A46AD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-11-16 812520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{300BC64A-BF32-4cc8-8917-91148CEFE700} - PrivBar - C:\DropMyRights\PrivBar.dll [2004-05-18 53248]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-27 1851128]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-16 266497]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-27 1851128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-24 136600]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-09-21 55824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
"RamBoostXp"=C:\Program Files\RamBoost XP\rambxpfr.exe [2004-03-09 1542144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\ASScrProlog.exe [2008-11-15 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\ASScrPro.exe [2008-11-15 33136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\P4P\P4P.exe [2007-08-02 778240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown1]
c:\preload\patch\sysprep1.cmd []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-22 12:02:00 ----DC---- C:\rsit
2009-03-21 21:43:43 ----DC---- C:\Program Files\EsetOnlineScanner
2009-03-21 10:02:22 ----DC---- C:\GenProc
2009-03-19 14:56:28 ----RAC---- C:\Windows\system32\AdobePDF.dll
2009-03-17 17:16:45 ----AC---- C:\Bug.txt
2009-03-17 17:15:43 ----DC---- C:\32788R22FWJFW
2009-03-11 13:05:19 ----AC---- C:\Windows\system32\schannel.dll
2009-03-11 13:05:08 ----AC---- C:\Windows\system32\wmp.dll
2009-03-11 13:05:07 ----AC---- C:\Windows\system32\spwmp.dll
2009-03-11 13:05:06 ----AC---- C:\Windows\system32\wmploc.DLL
2009-03-11 13:05:06 ----AC---- C:\Windows\system32\dxmasf.dll
2009-03-10 21:53:09 ----DC---- C:\Users\Brezusama\AppData\Roaming\Logitech
2009-03-10 21:51:51 ----RC---- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-10 21:48:35 ----AC---- C:\Windows\system32\BtCoreIf.dll
2009-03-10 21:48:31 ----AC---- C:\Windows\system32\KemXML.dll
2009-03-10 21:48:31 ----AC---- C:\Windows\system32\KemWnd.dll
2009-03-10 21:48:31 ----AC---- C:\Windows\system32\KemUtil.dll
2009-03-10 21:48:31 ----AC---- C:\Windows\system32\kemutb.dll
2009-03-10 21:48:11 ----DC---- C:\ProgramData\Logitech
2009-03-10 21:48:04 ----DC---- C:\Program Files\Common Files\Logishrd
2009-03-10 21:47:57 ----DC---- C:\Program Files\Logitech
2009-03-10 21:45:18 ----DC---- C:\ProgramData\LogiShrd
2009-02-24 12:20:13 ----AC---- C:\Windows\system32\javaws.exe
2009-02-24 12:20:13 ----AC---- C:\Windows\system32\javaw.exe
2009-02-24 12:20:13 ----AC---- C:\Windows\system32\java.exe
2009-02-24 12:20:13 ----AC---- C:\Windows\system32\deploytk.dll
2009-02-23 21:31:28 ----DC---- C:\Users\Brezusama\AppData\Roaming\OpenOffice.org
2009-02-23 21:25:29 ----DC---- C:\Program Files\JRE
2009-02-23 21:25:24 ----DC---- C:\Program Files\OpenOffice.org 3
2009-02-23 21:23:35 ----DC---- C:\Program Files\Java
2009-02-23 21:23:33 ----DC---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2009-03-22 12:02:41 ----DC---- C:\Windows\Prefetch
2009-03-22 12:01:48 ----DC---- C:\Windows\Temp
2009-03-22 11:59:13 ----DC---- C:\Program Files\Mozilla Firefox
2009-03-21 21:43:43 ----RDC---- C:\Program Files
2009-03-21 21:43:34 ----SDC---- C:\Windows\Downloaded Program Files
2009-03-21 21:43:34 ----DC---- C:\Windows\System32
2009-03-21 19:34:28 ----DC---- C:\Windows\inf
2009-03-21 19:34:28 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-03-21 19:19:47 ----DC---- C:\Windows
2009-03-21 19:18:29 ----AC---- C:\Windows\MegaManager.INI
2009-03-21 18:11:07 ----DC---- C:\Windows\system32\LogFiles
2009-03-21 16:01:33 ----SHD---- C:\System Volume Information
2009-03-21 12:14:17 ----DC---- C:\Program Files\RamBoost XP
2009-03-21 12:14:06 ----DC---- C:\Windows\system32\drivers
2009-03-21 10:47:55 ----DC---- C:\Users\Brezusama\AppData\Roaming\Adobe
2009-03-19 14:57:00 ----SHDC---- C:\Windows\Installer
2009-03-18 23:08:16 ----DC---- C:\Program Files\adslTV
2009-03-17 20:37:12 ----DC---- C:\Program Files\a-squared Free
2009-03-17 17:33:59 ----AC---- C:\Windows\system32\acovcnt.exe
2009-03-17 17:32:51 ----DC---- C:\Windows\system32\wbem
2009-03-17 17:32:06 ----DC---- C:\Windows\system32\config
2009-03-17 17:31:55 ----DC---- C:\Windows\Tasks
2009-03-17 17:31:55 ----DC---- C:\Windows\system32\spool
2009-03-17 17:31:51 ----DC---- C:\Windows\system32\catroot2
2009-03-17 17:31:51 ----DC---- C:\Users\Brezusama\AppData\Roaming\Winamp
2009-03-17 17:31:50 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2009-03-17 17:31:49 ----DC---- C:\ProgramData\FLEXnet
2009-03-17 17:31:47 ----DC---- C:\Windows\registration
2009-03-16 12:11:01 ----DC---- C:\Windows\Debug
2009-03-16 11:57:03 ----DC---- C:\Downloads
2009-03-12 13:10:12 ----DC---- C:\Users\Brezusama\AppData\Roaming\Mozilla
2009-03-12 13:09:59 ----DC---- C:\Windows\system32\Tasks
2009-03-11 23:56:26 ----DC---- C:\Users\Brezusama\AppData\Roaming\vlc
2009-03-11 19:00:35 ----D---- C:\Windows\winsxs
2009-03-11 18:50:26 ----DC---- C:\Windows\system32\catroot
2009-03-11 18:48:36 ----DC---- C:\Program Files\Windows Media Player
2009-03-11 18:48:35 ----DC---- C:\Program Files\Windows Mail
2009-03-11 18:48:32 ----DC---- C:\Program Files\Spybot - Search & Destroy
2009-03-10 21:51:12 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-03-10 21:48:11 ----HDC---- C:\ProgramData
2009-03-10 21:48:04 ----DC---- C:\Program Files\Common Files
2009-03-04 18:20:28 ----DC---- C:\Users\Brezusama\AppData\Roaming\FileZilla
2009-03-02 19:56:57 ----DC---- C:\Program Files\FileZilla FTP Client
2009-02-27 21:05:33 ----AC---- C:\Windows\system32\guard32.dll
2009-02-25 12:55:00 ----AC---- C:\Windows\system32\mrt.exe
2009-02-25 10:22:58 ----DC---- C:\Program Files\ffdshow
2009-02-23 21:27:07 ----RSDC---- C:\Windows\assembly
2009-02-23 21:25:52 ----RSDC---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-30 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-02-27 108560]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-02-21 28688]
R1 Inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-02-21 67600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 EIO;EIO; \??\C:\Windows\system32\drivers\EIO.sys [2005-10-20 11264]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 3077632]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-16 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-10 1792792]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2008-06-24 113896]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-18 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-19 305664]
S3 atzj6l7n;atzj6l7n; C:\Windows\system32\drivers\atzj6l7n.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2008-11-14 23600]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-02 425080]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-16 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-16 151297]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-20 610304]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-02-27 700152]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 yksvc;Marvell Yukon Service; ykx32mpcoinst,serviceStartProc []
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-16 654848]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

-----------------EOF-----------------


Info :

info.txt logfile of random's system information tool 1.06 2009-03-22 12:03:06

======Uninstall list======

7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{65A218E9-B433-4EB4-B154-94A832E3E813}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Setup-->MsiExec.exe /I{0E0C89BF-82DD-4015-8DED-528CDCA9594A}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\45cc9ec45a95028a5e85c9ec5cefaba\Setup.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.EXE -runfromtemp -l0x040c -removeonly
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.EXE" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.EXE" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\setup.EXE -runfromtemp -l0x040c -removeonly
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.EXE -runfromtemp -l0x040c -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x040c -removeonly
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DropMyRights-->MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704}
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.2.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
freeBrowser 0.9.0-->C:\Program Files\freeBrowser\uninst.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Google Talk Plugin-->MsiExec.exe /I{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HTML Help Workshop-->C:\Program Files\HTML Help Workshop\setup.exe Uninstall
ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.EXE" -l0x40c -removeonly
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x40c UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
MediaInfo 0.7.7.8-->C:\Program Files\MediaInfo\uninst.exe
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.EXE" -l0x9
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{CBDE9C7D-CF52-4558-B23E-B66359CB586A}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.EXE -runfromtemp -l0x0009 -removeonly
Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.EXE -runfromtemp -l0x040c -removeonly
RamBoost XP 4.0.6-->"C:\Program Files\RamBoost XP\unins000.exe"
RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SYSTRAN-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1036
USB 2.0 1.3M UVC WebCam-->C:\Windows\snuninst.exe /name='USB 2.0 1.3M UVC WebCam'
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vue 6 xStream 32bit-->C:\Program Files\e-on software\Vue 6 xStream\Uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.EXE" -l0x9
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.EXE -runfromtemp -l0x040c -removeonly
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"
Zoom Player French language (remove only)-->"C:\Program Files\Zoom Player\Language\uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

FW: COMODO Firewall
AS: COMODO Defense+
AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender

======System event log======

Computer Name: BZSFirefly
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 67940
Source Name: Tcpip
Time Written: 20090321145430.802508-000
Event Type: Avertissement
User:

Computer Name: BZSFirefly
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 67947
Source Name: Tcpip
Time Written: 20090321170847.641508-000
Event Type: Avertissement
User:

Computer Name: BZSFirefly
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {4D2287A6-8EA4-4423-9640-78DE01F5B4B2}
Utilisateur : BZSFirefly\Brezusama
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : clsid:HKLM\SOFTWARE\CLASSES\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B};regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CONTAINS\FILES\\C:\Windows\System32\OnlineScannerUninstaller.exe;regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CONTAINS\FILES\\C:\Windows\System32\OnlineScannerLang.dll;regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CONTAINS\FILES\\C:\Windows\System32\OnlineScannerDLLW.dll;regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CONTAINS\FILES\\C:\Windows\System32\OnlineScannerDLLA.dll;regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CONTAINS\FILES\\C:\Windows\System32\OnlineScanner.ocx;regkey:HKLM\Software\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\CON
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 67968
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090321204340.000000-000
Event Type: Avertissement
User:

Computer Name: BZSFirefly
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 67971
Source Name: Tcpip
Time Written: 20090321214006.183708-000
Event Type: Avertissement
User:

Computer Name: BZSFirefly
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 67982
Source Name: Tcpip
Time Written: 20090322063607.556608-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: BZSFirefly
Event Code: 4113
Message:
Record Number: 7890
Source Name: Avira AntiVir
Time Written: 20090321204605.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: BZSFirefly
Event Code: 4113
Message:
Record Number: 7891
Source Name: Avira AntiVir
Time Written: 20090321220202.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: BZSFirefly
Event Code: 4113
Message:
Record Number: 7892
Source Name: Avira AntiVir
Time Written: 20090321220202.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: BZSFirefly
Event Code: 4113
Message:
Record Number: 7893
Source Name: Avira AntiVir
Time Written: 20090321220226.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: BZSFirefly
Event Code: 4113
Message:
Record Number: 7894
Source Name: Avira AntiVir
Time Written: 20090321220226.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: BZSFirefly
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 22086
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322110250.154608-000
Event Type: Échec de l'audit
User:

Computer Name: BZSFirefly
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 22087
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322110250.185808-000
Event Type: Échec de l'audit
User:

Computer Name: BZSFirefly
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 22088
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322110250.217008-000
Event Type: Échec de l'audit
User:

Computer Name: BZSFirefly
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 22089
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322110250.248208-000
Event Type: Échec de l'audit
User:

Computer Name: BZSFirefly
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 22090
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322110250.279408-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------

Merci

Salut Salut bzsfirefly


Rien de suspect et désolé pour l'attente, j'avais perdu ton poste avec le nouveau Forum.

Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Il te sera demandé d’installer la console si elle n’est pas installer, clique sur NON

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

Hi dédétraqué, bon ben a priori tu me dis RAS ^^ ouuf

Bizar ce msn alors :s , continuons donc

Voici le repport :

ComboFix 09-03-28.06 - Brezusama 2009-03-29 12:29:00.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1186 [GMT 2:00]
Lancé depuis: d:\dl recent\Nouveau dossier\ComboFix.exe
FW: COMODO Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 12:25 . 2009-03-29 12:25 <REP> d----c--- C:\32788R22FWJFW
2009-03-22 13:02 . 2009-03-22 13:03 <REP> d----c--- C:\rsit
2009-03-21 22:43 . 2009-03-22 01:18 <REP> d----c--- c:\program files\EsetOnlineScanner
2009-03-21 11:02 . 2009-03-21 11:02 <REP> d----c--- C:\GenProc
2009-03-19 15:56 . 2007-03-23 05:05 29,272 -ra--c--- c:\windows\System32\AdobePDF.dll
2009-03-12 19:31 . 2009-03-12 19:31 <REP> d----c--- c:\users\Brezusama User\AppData\Roaming\Logitech
2009-03-11 14:05 . 2008-12-16 05:29 8,147,456 --a--c--- c:\windows\System32\wmploc.DLL
2009-03-11 14:05 . 2009-02-09 05:10 2,033,152 --a--c--- c:\windows\System32\win32k.sys
2009-03-11 14:05 . 2008-11-27 06:43 268,288 --a--c--- c:\windows\System32\schannel.dll
2009-03-11 14:05 . 2008-12-16 07:31 7,680 --a--c--- c:\windows\System32\spwmp.dll
2009-03-11 14:05 . 2008-12-16 07:31 4,096 --a--c--- c:\windows\System32\msdxm.ocx
2009-03-11 14:05 . 2008-12-16 07:31 4,096 --a--c--- c:\windows\System32\dxmasf.dll
2009-03-10 22:53 . 2009-03-10 22:53 <REP> d----c--- c:\users\Brezusama\AppData\Roaming\Logitech
2009-03-10 22:51 . 2009-03-10 22:51 127,034 -r---c--- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-10 22:49 . 2009-03-10 22:49 0 --ah-c--- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-10 22:48 . 2009-03-10 22:53 <REP> d----c--- c:\users\All Users\Logitech
2009-03-10 22:48 . 2009-03-10 22:53 <REP> d----c--- c:\programdata\Logitech
2009-03-10 22:48 . 2009-03-10 22:52 <REP> d----c--- c:\program files\Common Files\Logishrd
2009-03-10 22:48 . 2007-11-15 11:06 301,656 --a--c--- c:\windows\System32\BtCoreIf.dll
2009-03-10 22:48 . 2007-11-15 11:07 170,512 --a--c--- c:\windows\System32\kemutb.dll
2009-03-10 22:48 . 2007-11-15 11:07 141,840 --a--c--- c:\windows\System32\KemUtil.dll
2009-03-10 22:48 . 2007-11-15 11:07 117,264 --a--c--- c:\windows\System32\KemWnd.dll
2009-03-10 22:48 . 2007-11-15 11:07 76,304 --a--c--- c:\windows\System32\KemXML.dll
2009-03-10 22:47 . 2009-03-10 22:51 <REP> d----c--- c:\program files\Logitech
2009-03-10 22:45 . 2009-03-10 22:45 <REP> d----c--- c:\users\All Users\LogiShrd
2009-03-10 22:45 . 2009-03-10 22:45 <REP> d----c--- c:\programdata\LogiShrd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 10:20 --------- dc----w c:\program files\RamBoost XP
2009-03-29 10:01 --------- dc----w c:\program files\adslTV
2009-03-25 18:22 --------- dc----w c:\program files\Zoom Player
2009-03-25 08:09 --------- dc----w c:\program files\KeyScrambler
2009-03-24 22:17 --------- dc----w c:\program files\Java
2009-03-17 19:37 --------- dc----w c:\program files\a-squared Free
2009-03-17 16:31 --------- dc----w c:\users\Brezusama\AppData\Roaming\Winamp
2009-03-17 16:31 --------- dc----w c:\programdata\Spybot - Search & Destroy
2009-03-17 16:31 --------- dc----w c:\programdata\FLEXnet
2009-03-11 22:56 --------- dc----w c:\users\Brezusama\AppData\Roaming\vlc
2009-03-11 17:48 --------- dc----w c:\program files\Windows Mail
2009-03-11 17:48 --------- dc----w c:\program files\Spybot - Search & Destroy
2009-03-10 20:51 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-09 04:19 410,984 -c--a-w c:\windows\System32\deploytk.dll
2009-03-04 17:20 --------- dc----w c:\users\Brezusama\AppData\Roaming\FileZilla
2009-03-02 18:56 --------- dc----w c:\program files\FileZilla FTP Client
2009-02-27 20:05 155,384 -c--a-w c:\windows\System32\guard32.dll
2009-02-27 20:05 108,560 -c--a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-26 00:04 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Media Player Classic
2009-02-25 17:42 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Nero
2009-02-25 09:22 --------- dc----w c:\program files\ffdshow
2009-02-23 20:31 --------- dc----w c:\users\Brezusama\AppData\Roaming\OpenOffice.org
2009-02-23 20:25 --------- dc----w c:\program files\OpenOffice.org 3
2009-02-23 20:25 --------- dc----w c:\program files\JRE
2009-02-23 20:23 --------- dc----w c:\program files\Common Files\Java
2009-02-21 15:03 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-02-21 13:14 28,688 -c--a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-20 19:46 --------- dc----w c:\programdata\comodo
2009-02-12 10:24 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Winamp
2009-02-12 02:10 --------- dc----w c:\users\Brezusama User\AppData\Roaming\vlc
2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll
2009-02-02 16:04 --------- dc----w c:\program files\CCleaner
2009-01-15 06:11 827,392 -c--a-w c:\windows\System32\wininet.dll
2008-11-14 19:59 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 18:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-12 133104]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2004-03-09 1542144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-11-16 266497]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-03-10 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-03-10 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a--c--- 2008-10-14 22:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a--c--- 2008-11-15 02:42 37232 c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a--c--- 2008-11-15 02:42 33136 c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r---c--- 2007-03-20 08:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a--c--- 2007-08-02 21:52 778240 c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a--c--- 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 00:36 2153472 c:\windows\System32\oobefldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4ED40CA0-AA70-49BC-BB02-84EB959A6DAD}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= UDP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"UDP Query User{AB7DC586-A7FD-48DB-B0E4-BD0DCCBBF756}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= TCP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{E2ED9C67-BBA7-46DD-93B7-760DC5795A1D}c:\\program files\\systran\\6\\systrantranslationprojectmanager.exe"= UDP:c:\program files\systran\6\systrantranslationprojectmanager.exe:SystranTranslationProjectManager
"UDP Query User{57B29905-6A7E-451F-BA3F-2B29D2E28E53}c:\\program files\\systran\\6\\systrantranslationprojectmanager.exe"= TCP:c:\program files\systran\6\systrantranslationprojectmanager.exe:SystranTranslationProjectManager
"TCP Query User{14FEF918-3FC1-4F3A-ABCF-A3209E4F0B56}c:\\program files\\systran\\6\\systrantoolbar.exe"= UDP:c:\program files\systran\6\systrantoolbar.exe:SYSTRAN Translation Toolbar
"UDP Query User{692EF741-0050-41C5-9455-91AA40386C4D}c:\\program files\\systran\\6\\systrantoolbar.exe"= TCP:c:\program files\systran\6\systrantoolbar.exe:SYSTRAN Translation Toolbar
"{ECDB02A1-2F3F-4DB2-836B-095E9209AD9B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{968C0427-D090-44C4-8BD1-D86C80423498}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3E3201D5-C53B-422B-AD32-67A7649A976B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B6BD57B2-F2DD-4854-9E48-D5763CC1928A}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{54B5BEDE-FFB6-41F3-9997-1C1AF38B0A4E}"= UDP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{F6E1B797-2669-4D95-8B76-D05A74403262}"= TCP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{428B06E3-5D10-4F68-A089-5777361D7574}"= UDP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{12563557-6A37-4EFE-B01C-10530B8B1623}"= TCP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2008-11-15 108560]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2008-11-15 28688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-15 1153368]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2008-11-16 114024]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-14 3664384]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723732237-2200155508-288485982-1000.job
- c:\users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-12 14:06]

2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{38AE886A-3ABD-4FB8-A768-B3BAD98A46AD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Zshutdown1 - c:\preload\patch\sysprep1.cmd


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download Link Using Mega Manager...
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Brezusama\AppData\Roaming\Mozilla\Firefox\Profiles\02m36fgt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\users\Brezusama\AppData\Roaming\Mozilla\Firefox\Profiles\02m36fgt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\users\Brezusama\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Brezusama\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 12:48:36
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\ADSM_PData_0150

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\guard32.dll
.
Heure de fin: 2009-03-29 12:53:04
ComboFix-quarantined-files.txt 2009-03-29 10:52:45

Avant-CF: 62 983 118 848 octets libres
Après-CF: 59,831,128,064 octets libres

230 --- E O F --- 2009-03-26 14:42:04


Merci

Salut bzsfirefly


Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

- Dans Antivir, choisis Outils/Configuration.
- Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

Fais un scan complet en mode sans échec et poste le rapport.


@++

Dédétraqué ,

Voici donc le rapport :

Avira AntiVir Personal
Report file date: lundi 30 mars 2009 03:18

Scanning for 1330401 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode
Username: Brezusama
Computer name: BZSFIREFLY

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 30/11/2008 18:38:16
AVSCAN.DLL : 8.1.4.0 40705 Bytes 16/11/2008 17:00:29
LUKE.DLL : 8.1.4.5 164097 Bytes 16/11/2008 17:00:30
LUKERES.DLL : 8.1.4.0 12033 Bytes 16/11/2008 17:00:30
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 07:42:37
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 20:00:59
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 08:38:50
ANTIVIR3.VDF : 7.1.2.229 276480 Bytes 29/03/2009 01:09:17
Engineversion : 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 11:54:42
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 27/03/2009 08:38:37
AESCN.DLL : 8.1.1.8 127346 Bytes 05/03/2009 22:21:40
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 07:43:00
AEPACK.DLL : 8.1.3.11 397687 Bytes 25/03/2009 08:38:49
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 16:52:41
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 25/03/2009 08:38:47
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 16:52:33
AEGEN.DLL : 8.1.1.31 340341 Bytes 27/03/2009 08:38:36
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/11/2008 07:42:54
AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 12:14:00
AEBB.DLL : 8.1.0.3 53618 Bytes 15/11/2008 07:42:52
AVWINLL.DLL : 1.0.0.12 15105 Bytes 16/11/2008 17:00:29
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/11/2008 17:00:29
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 07:42:51
AVREG.DLL : 8.0.0.1 33537 Bytes 16/11/2008 17:00:29
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 16/11/2008 17:00:29
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 16/11/2008 17:00:30
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 16/11/2008 17:00:24
RCTEXT.DLL : 8.0.52.0 86273 Bytes 16/11/2008 17:00:24

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: off
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: lundi 30 mars 2009 03:18

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
24 processes with 24 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\' <VistaOS>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ComboFix\psexec.cfexe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a351e77.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>


End of the scan: lundi 30 mars 2009 04:06
Used time: 47:43 Minute(s)

The scan has been done completely.

25693 Scanning directories
188275 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
188272 Files not concerned
0 Archives were scanned
2 Warnings
1 Notes

Est ce grave docteur ... ^^

Encore merci de suivre ce souci,

Salut bzsfirefly


Tout est OK dans ce rapport, as-tu d'autre souci?


@++

Hi dédétraqué,

Damned, sa fais plaisir a lire lol. Bon ben alors j'espere en etre débarrasser.

J'ai recu tout a l'heure, en me connectant sur msn, un message 'similaire' d'un ami, je n'ai pas cliqué dessus, et bloqué la personne. Je voulais savoir si mes contacts sont contaminés, meme si je ne clique jamais dessus, et ou bloque ces contacts, peuvent ils me contaminés d'une quelle conque facon meme ???

En tout cas merci beaucoup d'avoir suivi le problème! J'attends ta réponse et j'édit en 'résolu'.

Salut bzsfirefly


L'important est de ne pas cliquer sur le lien que l'on t'envoie et de dire au contact que son PC est infecté et de venir faire désinfecté son PC.


On va faire un ménage des outils téléchargés pour la désinfection, télécharge Tools Cleaner sur le bureau :

http://pc-system.fr/TC/ToolsCleaner2.exe


- Faire un clique droit sur ToolsCleaner2.exe sur le bureau, et choisi exécuter en tant qu'administrateur
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options facultatives.
- Clique sur Quitter pour obtenir le rapport.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
- Si des outils restes après le passage de Tools Cleaner, tu pourras les supprimer manuellement ainsi que tous les rapports qui on été généré lors de la désinfection.


Important de mettre à jour Windows et tes logiciels :
Mettre Windows(catégories critique, Services Pack et Services Release) à jour : http://www.windowsupdate.com/

Faire un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités et mettre à jour :
http://www.malekal.com/scan_vulnerabilite.php

Faire un ménage des fichiers inutiles et de la base de registre :
http://www.malekal.com/tutorial_CCleaner.html

Donne des nouvelles si tu as des soucis et on passe à la résolution du sujet par la suite.


@++

Hello dédétraqué,

Merci pour la réponse. Donc, j'ai pas réussi a scanner mon pc avec toolscleaner, il est bien sur le bureau, mais lorsque je le lance, admin ou simple double clic, il 'ne réponds' pas, il plante... Que faire stp??

De plus grande nouveauté ^^ j'ai mon Spybot qui m'affiche une alerte :

Win32.TDSS.rtk...ID processus 2848...Nom du fichier : LogiAction.exe...

En cherchant win32.tdss.rtk sur google j'ai lus que c'était un truc a supprimé...2e question , que faire stppppp???

Merci d'avance

Salut bzsfirefly


Fais moi un nouveau scan avec Combofix et poste moi le rapport.


@++

dédétraqué,

désolé pour le post en retard, je voulais répondre au tac o tac, mais il y a eut un super bug du pc, plus de connect. En fait au début il ne voulais pas me "combofixer", je suis passé en mode sans echec pour le faire (ai je eus tord...???) et de la plus rien, le scan c'est bien effectuer puis plus de connect, le pc répondais quand il voulais, j'ai alors cédé tout éteins et attendu ce matin...et là hop sa marche, j'en profite pour sauvegardé pas mal de travaux au cas où je céde de nouveau et formate! ahaha

voici donc le laborieux scan ^^ :

ComboFix 09-03-31.01 - Brezusama 2009-04-01 1:38:11.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1609 [GMT 2:00]
Lancé depuis: c:\users\Brezusama\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 23:25 --------- dc----w c:\program files\RamBoost XP
2009-03-31 23:24 --------- dc----w c:\users\Brezusama\AppData\Roaming\WTablet
2009-03-31 22:13 --------- dc----w c:\users\Brezusama User\AppData\Roaming\DAEMON Tools
2009-03-31 19:49 --------- dc----w c:\users\Brezusama User\AppData\Roaming\WTablet
2009-03-31 16:31 --------- dc----w c:\programdata\Spybot - Search & Destroy
2009-03-30 21:02 --------- dc----w c:\program files\Winamp
2009-03-30 14:20 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-30 14:20 --------- dc----w c:\program files\ASUS
2009-03-30 01:08 --------- dc----w c:\program files\a-squared Free
2009-03-30 00:21 --------- dc----w c:\program files\adslTV
2009-03-29 19:31 --------- dc----w c:\program files\Common Files\Adobe AIR
2009-03-29 19:29 --------- dc----w c:\program files\PenLauncher
2009-03-29 18:59 --------- dc----w c:\programdata\AppData
2009-03-29 18:57 --------- dc----w c:\program files\Tablet
2009-03-25 18:22 --------- dc----w c:\program files\Zoom Player
2009-03-25 08:09 --------- dc----w c:\program files\KeyScrambler
2009-03-24 22:17 --------- dc----w c:\program files\Java
2009-03-21 23:18 --------- dc----w c:\program files\EsetOnlineScanner
2009-03-17 16:31 --------- dc----w c:\users\Brezusama\AppData\Roaming\Winamp
2009-03-17 16:31 --------- dc----w c:\programdata\FLEXnet
2009-03-12 17:31 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Logitech
2009-03-11 22:56 --------- dc----w c:\users\Brezusama\AppData\Roaming\vlc
2009-03-11 17:48 --------- dc----w c:\program files\Windows Mail
2009-03-11 17:48 --------- dc----w c:\program files\Spybot - Search & Destroy
2009-03-10 20:53 --------- dc----w c:\users\Brezusama\AppData\Roaming\Logitech
2009-03-10 20:53 --------- dc----w c:\programdata\Logitech
2009-03-10 20:52 --------- dc----w c:\program files\Common Files\Logishrd
2009-03-10 20:51 127,034 -c----r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-10 20:51 --------- dc----w c:\program files\Logitech
2009-03-10 20:49 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-10 20:45 --------- dc----w c:\programdata\LogiShrd
2009-03-04 17:20 --------- dc----w c:\users\Brezusama\AppData\Roaming\FileZilla
2009-03-02 18:56 --------- dc----w c:\program files\FileZilla FTP Client
2009-02-27 20:05 108,560 -c--a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-26 00:04 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Media Player Classic
2009-02-25 17:42 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Nero
2009-02-25 09:22 --------- dc----w c:\program files\ffdshow
2009-02-23 20:31 --------- dc----w c:\users\Brezusama\AppData\Roaming\OpenOffice.org
2009-02-23 20:25 --------- dc----w c:\program files\OpenOffice.org 3
2009-02-23 20:25 --------- dc----w c:\program files\JRE
2009-02-23 20:23 --------- dc----w c:\program files\Common Files\Java
2009-02-21 15:03 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-02-21 13:14 28,688 -c--a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-20 19:46 --------- dc----w c:\programdata\comodo
2009-02-12 10:24 --------- dc----w c:\users\Brezusama User\AppData\Roaming\Winamp
2009-02-12 02:10 --------- dc----w c:\users\Brezusama User\AppData\Roaming\vlc
2009-02-02 16:04 --------- dc----w c:\program files\CCleaner
2008-11-14 19:59 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_12.49.50,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-10 20:49:56 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-03-29 18:58:26 51,200 ----a-w c:\windows\inf\infpub.dat
- 2009-03-10 20:49:54 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2009-03-29 18:58:19 86,016 ----a-w c:\windows\inf\infstor.dat
- 2009-03-10 20:49:56 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-03-29 18:58:26 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2009-03-29 10:21:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 23:26:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 23:26:00 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-29 10:21:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-31 23:25:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-31 23:25:54 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-29 10:25:46 16,384 -csha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-31 14:08:19 16,384 -csha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-29 10:25:46 32,768 -csha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 14:08:19 32,768 -csha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-29 10:25:46 16,384 -csha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-31 14:08:19 16,384 -csha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-29 10:28:42 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-31 23:38:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 08:51:12 15,872 -c--a-w c:\windows\System32\drivers\kbdhid.sys
+ 2008-01-18 20:49:18 15,872 -c--a-w c:\windows\System32\drivers\kbdhid.sys
+ 2008-03-17 20:14:52 15,144 -c--a-w c:\windows\System32\drivers\wacmoumonitor.sys
+ 2007-02-16 19:12:36 11,312 -c--a-w c:\windows\System32\drivers\wacommousefilter.sys
+ 2008-01-15 20:11:46 13,480 -c--a-w c:\windows\System32\drivers\wacomvhid.sys
+ 2007-02-16 00:11:28 11,440 -c--a-w c:\windows\System32\drivers\WacomVKHid.sys
+ 2008-03-17 20:14:52 15,144 ----a-w c:\windows\System32\DriverStore\FileRepository\wacmoumonitor.inf_3274754c\wacmoumonitor.sys
+ 2007-02-16 19:12:36 11,312 ----a-w c:\windows\System32\DriverStore\FileRepository\wacommousefilter.inf_ac9d35c2\wacommousefilter.sys
+ 2008-01-15 20:11:46 13,480 ----a-w c:\windows\System32\DriverStore\FileRepository\wacomvhid.inf_29c41e21\wacomvhid.sys
+ 2007-02-16 00:11:28 11,440 ----a-w c:\windows\System32\DriverStore\FileRepository\wacomvkhid.inf_1ead5696\WacomVKHid.sys
- 2008-10-05 03:24:02 3,695,008 -c--a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 -c--a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 -c--a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 -c--a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-12-16 12:15:07 84,661 -c--a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-29 19:30:27 70,264 -c--a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2008-05-01 22:33:46 128,296 -c----w c:\windows\System32\Pen_Tablet.dll
+ 2008-05-01 22:40:44 3,032,360 -c----w c:\windows\System32\Pen_Tablet.exe
- 2009-03-29 10:26:51 117,144 -c--a-w c:\windows\System32\perfc009.dat
+ 2009-03-31 23:42:54 116,534 -c--a-w c:\windows\System32\perfc009.dat
- 2009-03-29 10:26:51 143,542 -c--a-w c:\windows\System32\perfc00C.dat
+ 2009-03-31 23:42:54 142,958 -c--a-w c:\windows\System32\perfc00C.dat
- 2009-03-29 10:26:51 625,582 -c--a-w c:\windows\System32\perfh009.dat
+ 2009-03-31 23:42:54 624,972 -c--a-w c:\windows\System32\perfh009.dat
- 2009-03-29 10:26:51 713,542 -c--a-w c:\windows\System32\perfh00C.dat
+ 2009-03-31 23:42:54 712,556 -c--a-w c:\windows\System32\perfh00C.dat
- 2009-03-28 07:47:29 9,602 -c--a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723732237-2200155508-288485982-1000_UserData.bin
+ 2009-03-31 23:26:24 10,054 -c--a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723732237-2200155508-288485982-1000_UserData.bin
- 2009-03-29 10:21:57 93,884 -c--a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 23:26:23 98,304 -c--a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-12 18:57:05 1,742 -c--a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-31 00:50:20 3,442 -c--a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-03-29 10:21:46 43,044 -c--a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 23:26:23 44,718 -c--a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-01 22:23:10 181,544 -c----w c:\windows\System32\Wintab32.dll
+ 2008-05-01 22:41:38 136,488 -c----w c:\windows\System32\WTablet\Pen_TabletUser.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 18:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-03-10 67128]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2004-03-09 1542144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-11-16 266497]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-03-10 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-03-10 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a--c--- 2008-10-14 22:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a--c--- 2008-11-15 02:42 37232 c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a--c--- 2008-11-15 02:42 33136 c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a--c-t- 2009-03-12 14:06 133104 c:\users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r---c--- 2007-03-20 08:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a--c--- 2007-08-02 21:52 778240 c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a--c--- 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 00:36 2153472 c:\windows\System32\oobefldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4ED40CA0-AA70-49BC-BB02-84EB959A6DAD}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= UDP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"UDP Query User{AB7DC586-A7FD-48DB-B0E4-BD0DCCBBF756}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= TCP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{E2ED9C67-BBA7-46DD-93B7-760DC5795A1D}c:\\program files\\systran\\6\\systrantranslationprojectmanager.exe"= UDP:c:\program files\systran\6\systrantranslationprojectmanager.exe:SystranTranslationProjectManager
"UDP Query User{57B29905-6A7E-451F-BA3F-2B29D2E28E53}c:\\program files\\systran\\6\\systrantranslationprojectmanager.exe"= TCP:c:\program files\systran\6\systrantranslationprojectmanager.exe:SystranTranslationProjectManager
"TCP Query User{14FEF918-3FC1-4F3A-ABCF-A3209E4F0B56}c:\\program files\\systran\\6\\systrantoolbar.exe"= UDP:c:\program files\systran\6\systrantoolbar.exe:SYSTRAN Translation Toolbar
"UDP Query User{692EF741-0050-41C5-9455-91AA40386C4D}c:\\program files\\systran\\6\\systrantoolbar.exe"= TCP:c:\program files\systran\6\systrantoolbar.exe:SYSTRAN Translation Toolbar
"{ECDB02A1-2F3F-4DB2-836B-095E9209AD9B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{968C0427-D090-44C4-8BD1-D86C80423498}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3E3201D5-C53B-422B-AD32-67A7649A976B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B6BD57B2-F2DD-4854-9E48-D5763CC1928A}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{54B5BEDE-FFB6-41F3-9997-1C1AF38B0A4E}"= UDP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{F6E1B797-2669-4D95-8B76-D05A74403262}"= TCP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{428B06E3-5D10-4F68-A089-5777361D7574}"= UDP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{12563557-6A37-4EFE-B01C-10530B8B1623}"= TCP:c:\users\Brezusama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2008-11-16 114024]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2008-11-15 108560]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2008-11-15 28688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-15 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-03-29 3032360]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-14 3664384]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [2009-03-29 15144]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723732237-2200155508-288485982-1000.job
- c:\users\Brezusama\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-12 14:06]

2009-03-31 c:\windows\Tasks\User_Feed_Synchronization-{38AE886A-3ABD-4FB8-A768-B3BAD98A46AD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download Link Using Mega Manager...
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Brezusama\AppData\Roaming\Mozilla\Firefox\Profiles\02m36fgt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\users\Brezusama\AppData\Roaming\Mozilla\Firefox\Profiles\02m36fgt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\users\Brezusama\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Brezusama\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 01:43:08
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\ADSM_PData_0150

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
Heure de fin: 2009-04-01 1:45:22
ComboFix-quarantined-files.txt 2009-03-31 23:45:20

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 56,531,648,512 octets libres

279 --- E O F --- 2009-03-26 14:42:04


Merci

Salut bzsfirefly


Fais un scan en ligne ici :
http://webscanner.kaspersky.fr/ (A faire avec Internet Explorer)

Désactive ton Antivirus avant le scan en ligne
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm

Sur la page du scan en bas à droite clique sur Démarrer Online-scanner et dans la nouvelle fenêtre qui s'affiche clique sur J'accepte

Accepte les Contrôle ActivX

Choisis Poste de travail pour le scan. Celui-ci terminé clique sur Enregistrer rapport sous (Choisis fichier texte)

Poste le contenue du rapport

Aide pour l'utilisation du scan en ligne :
http://forum.pcastuces.com/kaspersky_online_scanner___tutoriel-f31s10.htm

P.S. : Si tu as un problème pour l'installation du Contrôle ActivX lis ceci :
http://www.inoculer.com/activex.php3

NOTE : Si tu reçoit le message "La licence de Kaspersky On-line Scanner est périmée"
Via Ajout/Suppression de programmes supprime Kaspersky Online Scanner et refaire l’installation.


@++

Hi, j'aurais bien voulu suivre la procédure, mais je n'ai plus de connexion sur le pc contaminé :s :s
En fait, il s'allume, puis au bout d'une dizaine de minutes il plante l'explorer, de là plus rien de réponds. Obligé de forcer le rédémarrage et le tout toujours sans aucune connexion....

Salut bzsfirefly


Fais une restauration système avant ce problème et poste moi à nouveau les deux rapport de RSIT.

http://www.libellules.ch/restauration_system_vista.php


@++

Bonjour, j'ai le même problème et de plus en plus de contacts sur MSN aussi j'ai l'impression ...
J'ai vu que vous avez tout analysé en détail ici. Avez-vous trouvé le fichier qui posait problème ?
J'utilise actuellement Avast et SpyBot.

Merci d'avance

EDITION MODERATEUR : Règle du forum à respecter :

Créez vous votre propre sujet

Veuillez lire l'article suivant :
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)

Merci d'en prendre connaissance.