Infectée par "Antivirus Software Alert"

[NalyC]

J'ai une clé USB mais je l'ai pas sous la main pour le moment donc .. :/

J'avais oublié mon lecteur de cartes avec carte HDMI, je viens de le mettre, voici le rapport.

 

 

############################## | UsbFix V6.112 |

 

User : Céline (Administrateurs) # PC-DE-CELINE

Update on 09/05/2010 by El Desaparecido , C_XX & Chimay8

Start at: 17:02:14 | 09/05/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU T6400 @ 2.00GHz

Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall Status : Disabled

 

C:\ -> Disque fixe local # 227,88 Go (157,46 Go free) [ACER] # NTFS

D:\ -> Disque fixe local # 227,88 Go (206,3 Go free) [Multimédia] # NTFS

E:\ -> Disque CD-ROM

F:\ -> Disque amovible

G:\ -> Disque amovible # 3,74 Go (3,74 Go free) [NEW VOLUME] # FAT32

H:\ -> Disque amovible

I:\ -> Disque amovible

 

################## | Elements infectieux |

 

C:\Users\CLINE~1\AppData\Local\Temp\a.dat

C:\Users\CLINE~1\AppData\Local\Temp\Rnq.exe

C:\Users\CLINE~1\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe

C:\Users\CLINE~1\AppData\Local\Temp\xmlUpdater.exe

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{50cdad00-3364-11de-a869-00238b4c6866}

shell\AutoRun\command =pcxis.exe

shell\open\Command =pcxis.exe

 

################## | Vaccin |

 

(!) Cet ordinateur n'est pas vacciné !

 

################## | ! Fin du rapport # UsbFix V6.112 ! |

 

 

 

 

Je procède maintenant à la désinfection?

[Apollo]

Voui

 

Ton prénom me fait penser à une ancienne chanson...

 

@++

[NalyC]

Ah bon? Mon prénom fait penser à quoi ? lol

 

Voila le rapport

 

 

############################## | UsbFix V6.112 |

 

User : Céline (Administrateurs) # PC-DE-CELINE

Update on 09/05/2010 by El Desaparecido , C_XX & Chimay8

Start at: 17:16:58 | 09/05/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU T6400 @ 2.00GHz

Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall Status : Disabled

 

C:\ -> Disque fixe local # 227,88 Go (157,28 Go free) [ACER] # NTFS

D:\ -> Disque fixe local # 227,88 Go (206,3 Go free) [Multimédia] # NTFS

E:\ -> Disque CD-ROM

F:\ -> Disque amovible

G:\ -> Disque amovible # 3,74 Go (3,74 Go free) [NEW VOLUME] # FAT32

H:\ -> Disque amovible

I:\ -> Disque amovible

 

################## | Elements infectieux |

 

Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\a.dat

Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\Rnq.exe

Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe

Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\xmlUpdater.exe

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-1000

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-500

Supprimé ! D:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-1000

Supprimé ! D:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-500

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

Supprimé ! HKCU\...\Explorer\MountPoints2\{50cdad00-3364-11de-a869-00238b4c6866}\Shell\AutoRun\Command

 

################## | Listing des fichiers présent |

 

[18/09/2006 23:43|--a------|24] C:\autoexec.bat

[21/01/2008 04:24|-rahs----|333203] C:\bootmgr

[01/11/2008 02:21|-ra-s----|8192] C:\BOOTSECT.BAK

[18/09/2006 23:43|--a------|10] C:\config.sys

[?|?|?] C:\hiberfil.sys

[?|?|?] C:\pagefile.sys

[31/10/2008 18:26|--a------|426] C:\RHDSetup.log

[09/05/2010 11:02|--a------|527] C:\rkill.log

[09/05/2010 17:22|--a------|2011] C:\UsbFix.txt

[03/03/2010 02:30|--a------|4214616] D:\-.mp3

[03/02/2010 21:08|--a------|3169095] D:\Ailys - Je te promets.mp3

[24/11/2009 01:22|--a------|19760883] D:\Alicia Keys - Doesn't Mean Anything.m4v

[24/11/2009 08:22|--a------|20555020] D:\Alicia Keys Doesn't Mean Anything (Official Music Video) HD 1080p.m4v

[24/11/2009 02:01|--a------|18812560] D:\Black Eyed Peas - Meet me halfway (clip officiel).m4v

[17/02/2010 15:01|--a------|456047] D:\c'est mon choix - generique2.mp3

[17/02/2010 22:37|--a------|2469519] D:\c'est mon choix - generique4.wmv

[28/10/2009 22:21|--a------|34711410] D:\Carine.wmv

[08/03/2010 00:30|--a------|19517825] D:\Charice - Pyramid (ft IYAZ).m4v

[08/03/2010 00:30|--a------|3779985] D:\Charice - Pyramid (ft IYAZ).mp3

[24/11/2009 08:22|--a------|14405430] D:\ChaŒne de KanyeWestUniverse.m4v

[08/03/2010 00:31|--a------|12641756] D:\Facebook Accueil.m4v

[06/12/2009 19:16|--a------|32232505] D:\Facebook Accueil2.m4v

[21/02/2010 22:50|--a------|16038948] D:\Facebook Carlwin Garrido.m4v

[18/03/2010 18:53|--a------|33542873] D:\Facebook Mtb Dvj.m4v

[03/03/2010 22:30|--a------|17587327] D:\Facebook.m4v

[27/10/2009 23:03|--a------|43542014] D:\Family.wmv

[24/11/2009 02:01|--a------|25359083] D:\Gangsta Luv Ft The Dream Official Music Video.m4v

[17/02/2010 15:58|--a------|4167184] D:\Generique de Fin.wmv

[17/02/2010 22:41|--a------|2029204] D:\Generique du d‚but.wmv

[24/11/2009 02:01|--a------|19166167] D:\IYAZ- Replay [MUSIC VIDEO HQ].m4v

[26/02/2010 13:40|--a------|24354964] D:\J Entercom - Kiss [because I'm A Girl].m4v

[24/11/2009 08:22|--a------|21541522] D:\Jason Derulo - Whatcha Say - Official Video.m4v

[09/03/2010 20:46|--a------|3217674] D:\Keyshia Cole - This is us.mp3

[26/11/2009 23:06|--a------|44347857] D:\MEGAVIDEO - Je le regarde.m4v

[26/11/2009 23:12|--a------|39806211] D:\MEGAVIDEO - Je le regarde2.m4v

[24/11/2009 08:22|--a------|36967692] D:\New Boyz Ft. Ray J Tie Me Down OFFICIAL Music Video [HQ] Skee.TV.m4v

[24/11/2009 01:21|--a------|14572752] D:\trey songz i invented sex.m4v

[27/01/2010 12:48|--a------|3755105] D:\Willy Denz - Vivo volando.mp3

[27/01/2010 12:55|--a------|3940723] D:\Willy Denzey - Va t'en.mp3

 

################## | Vaccination |

 

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-DE-CELINE.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Merci pour votre contribution .

 

################## | ! Fin du rapport # UsbFix V6.112 ! |

[Apollo]

Télécharge TDSSKiller.zip de Kaspersky sur ton bureau.

 

Décompresse-le. (clic droit/extraire ici).

 

Ouvre le dossier si la décompression a donné un répertoire TDSSKiller.

 

Double-clique sur TDSSKiller.exe

 

A la fin de l'exécution, appuie sur une touche comme demandé pour fermer la fenêtre.

Si un reboot est demandé, accepter en tapant Y (yes) et valider avec Enter.

 

NB: Pendant la procédure, si TDSSKiller fait apparaître ce message:

Hidden service detected: nom du service caché:

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

,

 

tape delete et valide par la touche Enter.

 

Il y aura un rapport TDSSKiller.txt sur le C:\

Ouvre le fichier texte et copie l'entièreté du contenu; colle-le dans ta réponse.

 

@++

[NalyC]

17:32:36:680 5980 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

17:32:36:680 5980 ================================================================================

17:32:36:680 5980 SystemInfo:

 

17:32:36:680 5980 OS Version: 6.0.6001 ServicePack: 1.0

17:32:36:680 5980 Product type: Workstation

17:32:36:680 5980 ComputerName: PC-DE-CELINE

17:32:36:680 5980 UserName: Céline

17:32:36:680 5980 Windows directory: C:\Windows

17:32:36:680 5980 Processor architecture: Intel x86

17:32:36:680 5980 Number of processors: 2

17:32:36:680 5980 Page size: 0x1000

17:32:36:683 5980 Boot type: Normal boot

17:32:36:683 5980 ================================================================================

17:32:36:688 5980 UnloadDriverW: NtUnloadDriver error 2

17:32:36:688 5980 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

17:32:50:063 5980 wfopen_ex: Trying to open file C:\Windows\system32\config\system

17:32:50:063 5980 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

17:32:50:063 5980 wfopen_ex: Trying to KLMD file open

17:32:50:063 5980 wfopen_ex: File opened ok (Flags 2)

17:32:50:095 5980 wfopen_ex: Trying to open file C:\Windows\system32\config\software

17:32:50:095 5980 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

17:32:50:095 5980 wfopen_ex: Trying to KLMD file open

17:32:50:095 5980 wfopen_ex: File opened ok (Flags 2)

17:32:50:095 5980 Initialize success

17:32:50:095 5980

17:32:50:098 5980 Scanning Services ...

17:32:50:998 5980 Raw services enum returned 456 services

17:32:51:025 5980 Suspicious serv wfyyrvlt (h: 0, b: 1)

17:32:51:025 5980

17:32:51:025 5980 Hidden service detected!

17:32:51:025 5980 Service name: wfyyrvlt

17:32:51:028 5980 Image path:

17:32:51:028 5980 Type "delete" (without quotes) to delete it: 17:33:07:163 5980

17:33:07:163 5980 By user detect wfyyrvlt

17:33:07:163 5980 RegNode HKLM\SYSTEM\ControlSet001\services\wfyyrvlt infected by TDSS rootkit ... 17:33:07:163 5980 will be deleted on reboot

17:33:07:213 5980 RegNode HKLM\SYSTEM\ControlSet002\services\wfyyrvlt infected by TDSS rootkit ... 17:33:07:215 5980 will be deleted on reboot

17:33:07:248 5980 File C:\Windows\system32\drivers\wfyyrvlt.sys infected by TDSS rootkit ... 17:33:07:248 5980 will be deleted on reboot

17:33:07:248 5980

17:33:07:248 5980 Scanning Kernel memory ...

17:33:07:248 5980 Devices to scan: 5

17:33:07:248 5980

17:33:07:250 5980 Driver Name: USBSTOR

17:33:07:250 5980 IRP_MJ_CREATE : 90119B40

17:33:07:250 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013

17:33:07:250 5980 IRP_MJ_CLOSE : 90119BB8

17:33:07:250 5980 IRP_MJ_READ : 90119C30

17:33:07:250 5980 IRP_MJ_WRITE : 90119C30

17:33:07:250 5980 IRP_MJ_QUERY_INFORMATION : 8226E013

17:33:07:250 5980 IRP_MJ_SET_INFORMATION : 8226E013

17:33:07:250 5980 IRP_MJ_QUERY_EA : 8226E013

17:33:07:250 5980 IRP_MJ_SET_EA : 8226E013

17:33:07:250 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013

17:33:07:250 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013

17:33:07:250 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013

17:33:07:250 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013

17:33:07:250 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013

17:33:07:250 5980 IRP_MJ_DEVICE_CONTROL : 90119828

17:33:07:250 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA

17:33:07:250 5980 IRP_MJ_SHUTDOWN : 8226E013

17:33:07:250 5980 IRP_MJ_LOCK_CONTROL : 8226E013

17:33:07:250 5980 IRP_MJ_CLEANUP : 8226E013

17:33:07:250 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013

17:33:07:250 5980 IRP_MJ_QUERY_SECURITY : 8226E013

17:33:07:250 5980 IRP_MJ_SET_SECURITY : 8226E013

17:33:07:250 5980 IRP_MJ_POWER : 90117F9A

17:33:07:250 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2

17:33:07:250 5980 IRP_MJ_DEVICE_CHANGE : 8226E013

17:33:07:250 5980 IRP_MJ_QUERY_QUOTA : 8226E013

17:33:07:250 5980 IRP_MJ_SET_QUOTA : 8226E013

17:33:07:265 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

17:33:07:265 5980

17:33:07:265 5980 Driver Name: USBSTOR

17:33:07:265 5980 IRP_MJ_CREATE : 90119B40

17:33:07:265 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013

17:33:07:265 5980 IRP_MJ_CLOSE : 90119BB8

17:33:07:265 5980 IRP_MJ_READ : 90119C30

17:33:07:265 5980 IRP_MJ_WRITE : 90119C30

17:33:07:265 5980 IRP_MJ_QUERY_INFORMATION : 8226E013

17:33:07:265 5980 IRP_MJ_SET_INFORMATION : 8226E013

17:33:07:265 5980 IRP_MJ_QUERY_EA : 8226E013

17:33:07:265 5980 IRP_MJ_SET_EA : 8226E013

17:33:07:265 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013

17:33:07:265 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013

17:33:07:265 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013

17:33:07:265 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013

17:33:07:265 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013

17:33:07:265 5980 IRP_MJ_DEVICE_CONTROL : 90119828

17:33:07:265 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA

17:33:07:265 5980 IRP_MJ_SHUTDOWN : 8226E013

17:33:07:265 5980 IRP_MJ_LOCK_CONTROL : 8226E013

17:33:07:265 5980 IRP_MJ_CLEANUP : 8226E013

17:33:07:265 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013

17:33:07:265 5980 IRP_MJ_QUERY_SECURITY : 8226E013

17:33:07:265 5980 IRP_MJ_SET_SECURITY : 8226E013

17:33:07:265 5980 IRP_MJ_POWER : 90117F9A

17:33:07:265 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2

17:33:07:265 5980 IRP_MJ_DEVICE_CHANGE : 8226E013

17:33:07:265 5980 IRP_MJ_QUERY_QUOTA : 8226E013

17:33:07:265 5980 IRP_MJ_SET_QUOTA : 8226E013

17:33:07:268 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

17:33:07:268 5980

17:33:07:268 5980 Driver Name: USBSTOR

17:33:07:268 5980 IRP_MJ_CREATE : 90119B40

17:33:07:268 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013

17:33:07:268 5980 IRP_MJ_CLOSE : 90119BB8

17:33:07:270 5980 IRP_MJ_READ : 90119C30

17:33:07:270 5980 IRP_MJ_WRITE : 90119C30

17:33:07:270 5980 IRP_MJ_QUERY_INFORMATION : 8226E013

17:33:07:270 5980 IRP_MJ_SET_INFORMATION : 8226E013

17:33:07:270 5980 IRP_MJ_QUERY_EA : 8226E013

17:33:07:270 5980 IRP_MJ_SET_EA : 8226E013

17:33:07:270 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013

17:33:07:270 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013

17:33:07:270 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013

17:33:07:270 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013

17:33:07:270 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013

17:33:07:270 5980 IRP_MJ_DEVICE_CONTROL : 90119828

17:33:07:270 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA

17:33:07:270 5980 IRP_MJ_SHUTDOWN : 8226E013

17:33:07:270 5980 IRP_MJ_LOCK_CONTROL : 8226E013

17:33:07:270 5980 IRP_MJ_CLEANUP : 8226E013

17:33:07:270 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013

17:33:07:270 5980 IRP_MJ_QUERY_SECURITY : 8226E013

17:33:07:270 5980 IRP_MJ_SET_SECURITY : 8226E013

17:33:07:270 5980 IRP_MJ_POWER : 90117F9A

17:33:07:270 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2

17:33:07:270 5980 IRP_MJ_DEVICE_CHANGE : 8226E013

17:33:07:270 5980 IRP_MJ_QUERY_QUOTA : 8226E013

17:33:07:270 5980 IRP_MJ_SET_QUOTA : 8226E013

17:33:07:273 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

17:33:07:273 5980

17:33:07:273 5980 Driver Name: USBSTOR

17:33:07:273 5980 IRP_MJ_CREATE : 90119B40

17:33:07:273 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013

17:33:07:273 5980 IRP_MJ_CLOSE : 90119BB8

17:33:07:273 5980 IRP_MJ_READ : 90119C30

17:33:07:273 5980 IRP_MJ_WRITE : 90119C30

17:33:07:273 5980 IRP_MJ_QUERY_INFORMATION : 8226E013

17:33:07:273 5980 IRP_MJ_SET_INFORMATION : 8226E013

17:33:07:273 5980 IRP_MJ_QUERY_EA : 8226E013

17:33:07:273 5980 IRP_MJ_SET_EA : 8226E013

17:33:07:273 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013

17:33:07:273 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013

17:33:07:273 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013

17:33:07:273 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013

17:33:07:273 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013

17:33:07:273 5980 IRP_MJ_DEVICE_CONTROL : 90119828

17:33:07:273 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA

17:33:07:273 5980 IRP_MJ_SHUTDOWN : 8226E013

17:33:07:273 5980 IRP_MJ_LOCK_CONTROL : 8226E013

17:33:07:273 5980 IRP_MJ_CLEANUP : 8226E013

17:33:07:273 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013

17:33:07:273 5980 IRP_MJ_QUERY_SECURITY : 8226E013

17:33:07:273 5980 IRP_MJ_SET_SECURITY : 8226E013

17:33:07:273 5980 IRP_MJ_POWER : 90117F9A

17:33:07:273 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2

17:33:07:273 5980 IRP_MJ_DEVICE_CHANGE : 8226E013

17:33:07:273 5980 IRP_MJ_QUERY_QUOTA : 8226E013

17:33:07:275 5980 IRP_MJ_SET_QUOTA : 8226E013

17:33:07:278 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

17:33:07:278 5980

17:33:07:278 5980 Driver Name: iaStor

17:33:07:278 5980 IRP_MJ_CREATE : 807592D2

17:33:07:278 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013

17:33:07:278 5980 IRP_MJ_CLOSE : 807592D2

17:33:07:278 5980 IRP_MJ_READ : 8226E013

17:33:07:278 5980 IRP_MJ_WRITE : 8226E013

17:33:07:278 5980 IRP_MJ_QUERY_INFORMATION : 8226E013

17:33:07:278 5980 IRP_MJ_SET_INFORMATION : 8226E013

17:33:07:278 5980 IRP_MJ_QUERY_EA : 8226E013

17:33:07:278 5980 IRP_MJ_SET_EA : 8226E013

17:33:07:278 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013

17:33:07:278 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013

17:33:07:278 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013

17:33:07:278 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013

17:33:07:278 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013

17:33:07:278 5980 IRP_MJ_DEVICE_CONTROL : 807564FC

17:33:07:278 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807534FC

17:33:07:278 5980 IRP_MJ_SHUTDOWN : 8226E013

17:33:07:278 5980 IRP_MJ_LOCK_CONTROL : 8226E013

17:33:07:278 5980 IRP_MJ_CLEANUP : 8226E013

17:33:07:278 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013

17:33:07:278 5980 IRP_MJ_QUERY_SECURITY : 8226E013

17:33:07:278 5980 IRP_MJ_SET_SECURITY : 8226E013

17:33:07:278 5980 IRP_MJ_POWER : 8074E7E8

17:33:07:278 5980 IRP_MJ_SYSTEM_CONTROL : 8074DC6A

17:33:07:278 5980 IRP_MJ_DEVICE_CHANGE : 8226E013

17:33:07:278 5980 IRP_MJ_QUERY_QUOTA : 8226E013

17:33:07:278 5980 IRP_MJ_SET_QUOTA : 8226E013

17:33:07:298 5980 C:\Windows\system32\DRIVERS\iaStor.sys - Verdict: 1

17:33:07:298 5980 Reboot required for cure complete..

17:33:07:360 5980 Cure on reboot scheduled successfully

17:33:07:360 5980

17:33:07:360 5980 Completed

17:33:07:360 5980

17:33:07:360 5980 Results:

17:33:07:363 5980 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

17:33:07:363 5980 Registry objects infected / cured / cured on reboot: 2 / 0 / 2

17:33:07:363 5980 File objects infected / cured / cured on reboot: 1 / 0 / 1

17:33:07:363 5980

17:33:07:363 5980 fclose_ex: Trying to close file C:\Windows\system32\config\system

17:33:07:365 5980 fclose_ex: Trying to close file C:\Windows\system32\config\software

17:33:07:368 5980 KLMD(ARK) unloaded successfully

[Apollo]

Y'en avait encore

 

Comment se comporte le pc?

 

++

[NalyC]

Arf >< ...

 

Bah la plutôt bien. Sauf que j'ai ré-installé Google Chrome (que j'avais supprimé vu qu'il ne voulait plus marcher suite au virus) et il ne marche toujours pas, mais bon, rien d'important je marche avec Mozilla Firefox, ca me va.

 

Merci !

[Apollo]

On va encore vérifier avec un canon.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure.

 

Désactive ton antivirus, firewall et antispyware le temps de l'analyse.

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

Tutoriel officiel

 

Télécharge ComboFix sur ton bureau (et pas ailleurs).

• Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepter!
  
• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique ComboFix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
  
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

NB: Si malgré tout, tu ne parviens pas à réparer la connexion, lis ce sujet stp.

 

Si le message: "Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression".

apparaissait, redémarrer le pc.

 

[NalyC]

Voila le rapport ComboFix

 

ComboFix 10-05-08.03 - Céline 09/05/2010 18:16:45.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.1603 [GMT 2:00]

Lancé depuis: c:\users\Céline\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Un antivirus résident est actif

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Céline\AppData\Roaming\7D6E469A42077FAB971889CDE1D93B58

c:\users\Céline\AppData\Roaming\7D6E469A42077FAB971889CDE1D93B58\gotnewupdate000.exe

c:\windows\Rgemua.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-09 au 2010-05-09 ))))))))))))))))))))))))))))))))))))

.

 

2010-05-09 16:28 . 2010-05-09 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-09 15:22 . 2010-05-09 15:22 218798 ----a-w- C:\UsbFix_Upload_Me_PC-DE-CELINE.zip

2010-05-09 14:45 . 2010-05-09 15:22 -------- d-----w- C:\UsbFix

2010-05-09 14:04 . 2010-05-09 14:05 -------- d-----w- C:\rsit

2010-05-09 09:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-09 09:05 . 2010-05-09 09:05 -------- d-----w- c:\programdata\Malwarebytes

2010-05-09 09:05 . 2010-05-09 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-09 09:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-08 21:47 . 2010-05-08 21:47 -------- d-----w- c:\program files\trend micro

2010-05-08 18:17 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-04-21 16:01 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVENG.SYS

2010-04-21 16:01 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVEX15.SYS

2010-04-21 16:01 . 2009-09-17 06:50 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVENG32.DLL

2010-04-21 16:01 . 2009-09-17 06:50 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVEX32A.DLL

2010-04-21 16:01 . 2009-09-17 06:50 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\ERASER.SYS

2010-04-21 16:01 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\CCERASER.DLL

2010-04-21 16:01 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\ECMSVR32.DLL

2010-04-21 16:01 . 2009-09-17 06:50 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\EECTRL.SYS

2010-04-15 04:46 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-15 04:46 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-15 04:46 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-15 04:46 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-15 04:46 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-15 04:46 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-04-15 04:46 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-15 04:46 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-15 04:46 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-14 19:07 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll

2010-04-14 19:07 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-13 05:36 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-09 16:00 . 2009-10-04 16:01 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-05-09 15:40 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat

2010-05-09 15:40 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat

2010-05-09 15:35 . 2009-03-09 05:36 27934 ----a-w- c:\programdata\nvModes.dat

2010-05-08 19:16 . 2008-12-11 18:31 -------- d-----w- c:\program files\Google

2010-04-21 16:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-04-16 06:14 . 2008-10-31 16:41 -------- d-----w- c:\programdata\Microsoft Help

2010-03-14 20:03 . 2010-03-14 20:02 -------- d-----w- c:\program files\iTunes

2010-03-14 20:02 . 2010-03-14 20:02 -------- d-----w- c:\program files\iPod

2010-03-14 20:02 . 2009-03-08 15:24 -------- d-----w- c:\program files\Common Files\Apple

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-10 20:00 . 2010-03-10 20:00 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-03-10 20:00 . 2010-03-10 20:00 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-03-10 20:00 . 2009-11-23 22:54 -------- d-----w- c:\program files\Common Files\Real

2010-03-10 19:56 . 2009-11-23 22:54 -------- d-----w- c:\program files\Real

2010-03-10 19:55 . 2010-03-10 19:55 -------- d-----w- c:\program files\Common Files\xing shared

2010-03-09 16:28 . 2010-03-31 16:22 833024 ----a-w- c:\windows\system32\wininet.dll

2010-03-09 16:25 . 2010-03-31 16:22 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-09 14:01 . 2010-03-31 16:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-03-01 12:56 . 2010-03-01 12:56 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb201F.tmp.exe

2010-02-25 10:09 . 2009-11-11 09:13 120984 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-02-20 23:39 . 2010-03-11 06:49 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:37 . 2010-03-11 06:49 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 21:18 . 2010-03-11 06:49 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-02-16 09:00 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVENG.SYS

2010-02-16 09:00 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVEX15.SYS

2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Google Update"="c:\users\Céline\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-09 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 24064]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3890085218-2298435822-1139494261-1000]

"EnableNotificationsRef"=dword:00000002

 

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 24064]

R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]

R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]

R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]

R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]

R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]

R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]

R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]

S3 NETw5v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - KLMDB

*Deregistered* - klmdb

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-05 08:53]

 

2010-02-28 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-05 08:53]

 

2010-05-09 c:\windows\Tasks\Norton Security Scan for Céline.job

- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-20 14:45]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5555

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Céline\AppData\Roaming\Mozilla\Firefox\Profiles\q8u8hml6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-eRecoveryService - (no file)

SafeBoot-klmdb.sys

AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-09 18:28

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2010-05-09 18:32:36

ComboFix-quarantined-files.txt 2010-05-09 16:32

 

Avant-CF: 168 789 004 288 octets libres

Après-CF: 170 246 512 640 octets libres

 

- - End Of File - - 9324E21E66DF2796A39D77B45AA108D3

[Apollo]

Re,

 

Comment va le malade?