ComboFix 09-09-20.01 - Achour 21/09/2009 14:08:36.4.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.1278.700 [GMT 1:00]

Running from: C:\Documents and Settings\Achour\Mes documents\Downloads\Programs\ComboFix.exe

AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

The following files were disabled during the run:

C:\Program Files\SuperCopier2\SC2Hook.dll

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Installer\439c9.msp

C:\WINDOWS\Installer\5355d1.msi

C:\WINDOWS\Installer\8368f.msi

C:\WINDOWS\Installer\fe48bd.msi

C:\WINDOWS\system32\msconfig.exe

 

C:\WINDOWS\system32\calc.exe . . . is infected!!

 

C:\WINDOWS\system32\freecell.exe . . . is infected!!

 

.

((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))

.

 

2009-09-20 21:18:02 . 2009-09-20 23:25:11 0 d-----w- C:\$AVG8.VAULT$

2009-09-20 21:06:11 . 2009-09-20 21:06:11 12552 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys

2009-09-20 21:06:11 . 2009-09-20 21:06:11 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

2009-09-20 21:06:10 . 2009-09-20 21:06:10 108552 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys

2009-09-20 21:06:04 . 2009-09-20 21:06:04 335240 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys

2009-09-20 21:06:03 . 2009-09-20 21:06:03 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys

2009-09-20 21:05:59 . 2009-09-21 12:13:20 0 d-----w- C:\WINDOWS\system32\drivers\Avg

2009-09-20 21:04:42 . 2009-09-20 21:04:42 50968 ----a-w- C:\WINDOWS\system32\avgfwdx.dll

2009-09-20 21:04:42 . 2009-09-20 21:04:42 29208 ----a-w- C:\WINDOWS\system32\drivers\avgfwdx.sys

2009-09-20 21:04:42 . 2009-09-20 21:04:42 0 d-----w- C:\Program Files\AVG

2009-09-20 21:04:41 . 2009-09-20 21:04:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\avg8

2009-09-20 16:10:21 . 2009-09-20 16:10:21 0 d-----w- C:\Documents and Settings\Achour\Application Data\Malwarebytes

2009-09-20 14:08:54 . 2009-09-20 16:08:37 0 d-----w- C:\QUARANTINE

2009-09-20 12:10:11 . 2009-09-20 12:10:11 0 d-----w- C:\Documents and Settings\Achour\Application Data\Uniblue

2009-09-20 00:46:42 . 2009-09-20 00:46:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\page

2009-09-09 09:41:50 . 2009-06-21 21:47:52 153088 -c----w- C:\WINDOWS\system32\dllcache\triedit.dll

2009-09-08 17:49:19 . 2009-09-08 17:49:19 0 d-----w- C:\Program Files\NVIDIA Corporation

2009-09-08 17:49:15 . 2009-09-08 17:49:15 0 d-----w- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-09-07 20:11:43 . 2009-09-08 16:52:41 0 d-----w- C:\Documents and Settings\Achour\Application Data\Auslogics

2009-09-07 20:10:40 . 2009-09-07 20:10:40 0 d-----w- C:\Program Files\Auslogics

2009-09-06 20:22:56 . 2009-09-06 20:22:56 0 d-----w- C:\WINDOWS\system32\wbem\Repository

2009-09-05 23:04:46 . 2009-09-05 23:04:46 0 d-----w- C:\Documents and Settings\Achour\Application Data\Lavasoft

2009-09-05 22:54:59 . 2009-09-21 13:07:00 0 d-----w- C:\WINDOWS\system32\CatRoot2

2009-09-05 11:24:48 . 2009-09-05 11:24:48 0 d-----w- C:\Program Files\DAVILEX

2009-09-04 19:31:24 . 2009-09-04 19:31:24 0 d-----w- C:\Documents and Settings\Achour\Application Data\Leadertech

2009-09-04 13:13:31 . 2009-09-04 13:13:31 0 d-----w- C:\Program Files\THQ

2009-09-04 11:36:38 . 2009-09-05 21:46:36 0 d-----w- C:\Documents and Settings\Achour\Local Settings\Application Data\PHPNukeFR

2009-09-04 11:36:38 . 2009-09-04 11:36:38 0 d-----w- C:\Program Files\Conduit

2009-09-04 11:36:38 . 2009-09-04 11:36:38 0 d-----w- C:\Documents and Settings\Achour\Local Settings\Application Data\Conduit

2009-09-04 11:36:37 . 2009-09-04 11:36:38 0 d-----w- C:\Program Files\PHPNukeFR

2009-09-03 22:48:07 . 2009-09-07 20:08:13 0 d--h--w- C:\WINDOWS\msdownld.tmp

2009-09-03 22:00:07 . 2009-09-03 22:00:19 0 d-----w- C:\Program Files\Oberon Media

2009-09-03 22:00:07 . 2009-09-03 22:00:07 0 d-----w- C:\Program Files\Fichiers communs\Oberon Media

2009-09-03 20:40:21 . 2009-09-04 16:45:08 0 d-----w- C:\Program Files\Microsoft Games

2009-09-02 22:19:30 . 2009-09-03 13:34:24 0 d-----w- C:\Documents and Settings\Achour\Application Data\Synthesia

2009-09-02 22:03:03 . 2009-09-02 22:07:45 0 d-----w- C:\Documents and Settings\Achour\Local Settings\Application Data\Deployment

2009-09-01 12:00:59 . 2009-06-25 08:26:32 54272 -c----w- C:\WINDOWS\system32\dllcache\wdigest.dll

2009-09-01 12:00:59 . 2009-06-25 08:26:31 301568 -c----w- C:\WINDOWS\system32\dllcache\kerberos.dll

2009-09-01 12:00:58 . 2009-06-25 08:26:32 136192 -c----w- C:\WINDOWS\system32\dllcache\msv1_0.dll

2009-09-01 12:00:58 . 2009-06-24 11:18:41 92928 -c----w- C:\WINDOWS\system32\dllcache\ksecdd.sys

2009-08-27 23:46:59 . 2009-08-27 23:48:57 0 d-----w- C:\Documents and Settings\Achour\Application Data\MozillaControl

2009-08-27 23:46:35 . 2009-08-27 23:46:35 0 d-----w- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests

2009-08-27 15:07:55 . 2009-08-27 15:07:59 0 d-----w- C:\Program Files\Skype

2009-08-22 23:41:53 . 2002-03-13 16:46:46 53248 ----a-w- C:\WINDOWS\system32\zlib.dll

2009-08-22 23:41:53 . 2000-10-01 23:00:00 119568 ----a-w- C:\WINDOWS\system32\VB6FR.DLL

2009-08-22 23:41:52 . 2009-08-22 23:41:54 0 d-----w- C:\Program Files\scrabbleproB

2009-08-22 18:00:48 . 2009-08-22 18:01:56 0 d-----w- C:\Program Files\Microsoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-21 13:15:09 . 2009-04-07 22:28:44 0 d-----w- C:\Program Files\SuperCopier2

2009-09-21 12:47:52 . 2009-04-06 23:28:38 0 d-----w- C:\Documents and Settings\Achour\Application Data\DMCache

2009-09-21 12:42:03 . 2009-09-16 00:01:37 0 d-----w- C:\Program Files\IDMan

2009-09-21 12:31:20 . 2009-07-21 17:41:36 0 d-----w- C:\Documents and Settings\Achour\Application Data\vlc

2009-09-20 22:16:47 . 2009-09-16 00:04:42 0 d-----w- C:\Documents and Settings\Achour\Application Data\IDM

2009-09-20 21:31:55 . 2009-04-08 21:49:51 0 d-----w- C:\Program Files\Java

2009-09-20 17:01:38 . 2009-04-06 19:42:11 0 d-----w- C:\Program Files\Yahoo!

2009-09-20 17:01:24 . 2009-07-25 17:42:22 0 d-----w- C:\Program Files\IObit

2009-09-20 13:08:07 . 2009-05-29 23:13:48 0 d-----w- C:\Program Files\Google

2009-09-19 13:07:52 . 2009-09-10 21:02:00 0 d-----w- C:\Documents and Settings\Achour\Application Data\Thinstall

2009-09-18 17:07:07 . 2009-04-07 17:20:05 336824 ----a-w- C:\Documents and Settings\Achour\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-18 11:10:49 . 2009-09-18 11:10:49 0 d-----w- C:\Documents and Settings\All Users\Application Data\Musicnotes

2009-09-18 11:09:06 . 2009-09-18 11:09:06 0 d-----w- C:\Program Files\Musicnotes

2009-09-17 13:46:30 . 2009-04-22 17:30:11 0 d-----w- C:\Documents and Settings\Anis\Application Data\vlc

2009-09-16 00:01:38 . 2009-09-16 00:01:38 3553 ----a-w- C:\Program Files\Uninstall.ini

2009-09-16 00:01:38 . 2009-09-11 16:09:58 67538 ----a-w- C:\Program Files\Uninstall.exe

2009-09-11 13:32:03 . 2009-09-11 13:32:03 23600 ----a-w- C:\WINDOWS\system32\drivers\TVICHW32.SYS

2009-09-11 13:05:22 . 2009-04-08 09:07:55 0 d-----w- C:\Documents and Settings\Achour\Application Data\Media Player Classic

2009-09-10 21:33:18 . 2009-09-10 21:33:18 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2009-09-09 21:34:10 . 2009-04-08 08:53:29 0 d-----w- C:\Documents and Settings\Achour\Application Data\dvdcss

2009-09-09 15:22:09 . 2009-04-07 09:09:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-09-09 11:43:10 . 2009-09-16 11:54:11 210352 ----a-w- C:\WINDOWS\system32\idmmbc.dll

2009-09-08 17:17:21 . 2009-04-09 16:02:05 0 d-----w- C:\Program Files\ma-config.com

2009-09-08 17:17:21 . 2009-04-09 16:02:05 0 d-----w- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-09-05 23:01:13 . 2004-08-28 14:00:00 83676 ----a-w- C:\WINDOWS\system32\perfc00C.dat

2009-09-05 23:01:13 . 2004-08-28 14:00:00 510144 ----a-w- C:\WINDOWS\system32\perfh00C.dat

2009-09-05 11:27:36 . 2009-04-06 19:36:12 0 d--h--w- C:\Program Files\InstallShield Installation Information

2009-09-03 18:04:06 . 2009-08-17 11:31:29 0 d-----w- C:\Program Files\midi

2009-09-01 14:41:11 . 2009-08-08 07:31:39 0 d-----w- C:\Documents and Settings\Anis\Application Data\IObit

2009-08-28 15:25:17 . 2009-08-17 10:31:24 0 d-----w- C:\Documents and Settings\Achour\Application Data\Skype

2009-08-27 23:01:38 . 2009-08-17 10:35:15 0 d-----w- C:\Documents and Settings\Achour\Application Data\skypePM

2009-08-17 10:35:16 . 2009-08-17 10:35:16 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat

2009-08-17 10:30:22 . 2009-08-17 10:30:22 0 d-----w- C:\Program Files\Fichiers communs\Skype

2009-08-17 10:30:18 . 2009-08-17 10:30:11 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype

2009-08-17 02:03:50 . 2009-08-17 02:03:50 3674112 ----a-w- C:\WINDOWS\system32\nvwssr.dll

2009-08-17 02:02:52 . 2009-08-17 02:02:52 229376 ----a-w- C:\WINDOWS\system32\nvmccs.dll

2009-08-16 23:57:00 . 2009-07-09 14:04:20 485920 ----a-w- C:\WINDOWS\system32\nvudisp.exe

2009-08-16 23:57:00 . 2009-06-10 05:03:00 868352 ----a-w- C:\WINDOWS\system32\nvapi.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 2189856 ----a-w- C:\WINDOWS\system32\nvcuvid.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 2002944 ----a-w- C:\WINDOWS\system32\nvcuda.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 1706528 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 1597690 ----a-w- C:\WINDOWS\system32\nvdata.bin

2009-08-16 23:57:00 . 2009-06-10 05:03:00 155648 ----a-w- C:\WINDOWS\system32\nvcodins.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 155648 ----a-w- C:\WINDOWS\system32\nvcod.dll

2009-08-16 23:57:00 . 2009-06-10 05:03:00 10457088 ----a-w- C:\WINDOWS\system32\nvoglnt.dll

2009-08-16 23:57:00 . 2004-08-28 14:00:00 7729568 ----a-w- C:\WINDOWS\system32\drivers\nv4_mini.sys

2009-08-16 23:57:00 . 2004-08-28 14:00:00 5845760 ----a-w- C:\WINDOWS\system32\nv4_disp.dll

2009-08-15 19:31:31 . 2009-08-15 19:31:31 0 d-----w- C:\Program Files\ParetoLogic

2009-08-11 11:35:08 . 2009-07-09 14:04:01 485920 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE

2009-08-05 09:00:38 . 2004-08-28 14:00:00 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll

2009-07-26 15:44:56 . 2009-07-26 15:44:56 48448 ----a-w- C:\WINDOWS\system32\sirenacm.dll

2009-07-25 19:27:59 . 2009-07-25 17:42:23 0 d-----w- C:\Documents and Settings\Achour\Application Data\IObit

2009-07-25 04:23:00 . 2009-04-08 21:50:25 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll

2009-07-17 19:03:33 . 2004-08-28 14:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll

2009-07-15 10:48:31 . 2009-07-15 10:19:03 133844 ----a-w- C:\WINDOWS\HPHins11.dat

2009-07-13 22:43:24 . 2004-08-28 14:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll

2009-07-03 16:57:51 . 2004-08-28 14:00:00 915456 ----a-w- C:\WINDOWS\system32\wininet.dll

2009-06-25 08:26:32 . 2004-08-28 14:00:00 736768 ----a-w- C:\WINDOWS\system32\lsasrv.dll

2009-06-25 08:26:32 . 2004-08-28 14:00:00 56832 ----a-w- C:\WINDOWS\system32\secur32.dll

2009-06-25 08:26:32 . 2004-08-28 14:00:00 54272 ----a-w- C:\WINDOWS\system32\wdigest.dll

2009-06-25 08:26:32 . 2004-08-28 14:00:00 147456 ----a-w- C:\WINDOWS\system32\schannel.dll

2009-06-25 08:26:32 . 2004-08-28 14:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll

2009-06-25 08:26:31 . 2004-08-28 14:00:00 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll

2009-06-24 11:18:41 . 2004-08-28 14:00:00 92928 ----a-w- C:\WINDOWS\system32\drivers\ksecdd.sys

.

 

------- Sigcheck -------

 

 

[7] 2008-04-13 17:33:40 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regsvc.dll

 

[-] 2004-08-28 14:00:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll

 

C:\WINDOWS\system32\drivers\beep.sys ... is missing !!

C:\WINDOWS\system32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 16:45:00 1052672]

"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2009-08-26 16:53:28 1681208]

"IDMan"="C:\Program Files\IDMan\IDMan.exe" [2009-09-10 15:30:20 3118512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 01:37:14 121089]

"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 22:40:58 1657376]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-08-17 02:03:00 13877248]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-08-17 02:03:00 86016]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-09-20 21:05:52 2022680]

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 04:23:12 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 17:34:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-03-08 03:32:48 128512]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-20 21:06:11 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Achour^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]

path=C:\Documents and Settings\Achour\Menu Démarrer\Programmes\Démarrage\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Mail Scanner"=3 (0x3)

"avast! Web Scanner"=3 (0x3)

"aswUpdSv"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

"snpstd"=C:\WINDOWS\vsnpstd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23870:TCP"= 23870:TCP:BitComet 23870 TCP

"23870:UDP"= 23870:UDP:BitComet 23870 UDP

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\drivers\avgrkx86.sys [20/09/2009 22:06:11 12552]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\drivers\xfilt.sys [28/08/2004 15:00:00 22168]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [20/09/2009 22:06:04 335240]

R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [20/09/2009 22:06:10 108552]

R2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [13/06/2009 01:48:47 446464]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [20/09/2009 22:05:51 297752]

R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [20/09/2009 22:05:52 1370488]

R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07:00 101488]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\drivers\avgfwdx.sys [20/09/2009 22:04:42 29208]

S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\drivers\adildr.sys [22/06/2009 19:18:34 56088]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\drivers\avgfwdx.sys [20/09/2009 22:04:42 29208]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [01/09/2009 08:07:48 234864]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - mchInjDrv

*Deregistered* - project

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-20 C:\WINDOWS\Tasks\ParetoLogic Registration.job

- C:\Program Files\Fichiers communs\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59:10 . 2009-01-13 14:59:10]

 

2009-09-20 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

- C:\Program Files\Fichiers communs\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59:10 . 2009-01-13 14:59:10]

 

2009-09-21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CC12604D-D98D-4465-8371-4230BBDAA0B8}.job

- C:\WINDOWS\system32\msfeedssync.exe [2004-08-28 14:00:00 . 2009-03-08 03:31:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://y.lo.st/

uDefault_Search_URL = hxxp://www.google.fr/keyword/%s

uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s

IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Télécharger avec IDM - C:\Program Files\IDMan\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - C:\Program Files\IDMan\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - C:\Program Files\IDMan\IEGetAll.htm

LSP: C:\WINDOWS\system32\idmmbc.dll

TCP: {89673A50-1CE7-4002-9EC6-AE1E17846735} = 208.67.222.222,208.67.220.220,192.168.1.254

FF - ProfilePath - C:\Documents and Settings\Achour\Application Data\Mozilla\Firefox\Profiles\4zrohl8t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://google.fr

FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=

FF - component: C:\Documents and Settings\Achour\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll

FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 50

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
