Stuck during 007Guard disinfection

neriowinch - Posts: 68 - Status: Member
Hello,

After starting the 007 Guard disinfection, I am stuck.

Can someone help me continue?

I downloaded ComboFix and ran a scan.

Here is the report:

ComboFix 09-02-17.02 - Fabrice 2009-02-19 9:09:12.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.895.495 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fabrice\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.

2009-02-17 11:32 . 2009-02-17 12:42 <REP> d--hs---- C:\RECYCLER(2)
2009-02-17 10:46 . 2009-02-17 10:46 <REP> d-------- C:\_OTMoveIt
2009-02-16 15:57 . 2009-02-16 15:57 <REP> d-------- C:\rsit
2009-02-16 15:57 . 2009-02-16 16:14 <REP> d-------- c:\program files\trend micro
2009-02-16 14:33 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-16 14:33 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SBFWIM.sys
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 15:36 . 2009-02-09 15:42 <REP> d-------- c:\program files\Trillian
2009-02-05 19:24 . 2009-02-05 19:47 393 --a------ c:\windows\BPama.INI
2009-02-05 19:22 . 2009-02-05 19:22 <REP> d-------- c:\program files\FG Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 08:07 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-18 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-18 12:24 --------- d-----w c:\program files\GetRight
2009-02-18 12:14 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-02-17 11:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 08:45 --------- d-----w c:\documents and settings\Fabrice\Application Data\AdobeUM
2009-02-16 13:31 108,721 -c--a-w c:\windows\system32\drivers\fwdrv.err
2009-02-12 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 14:04 --------- d-----w c:\program files\AV WebCam Morpher GOLD
2009-02-06 12:50 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 12:16 --------- d-----w c:\documents and settings\Fabrice\Application Data\LimeWire
2009-01-28 11:40 --------- d-----w c:\program files\Shareaza
2009-01-26 10:15 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-03 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-03 13:36 --------- d-----w c:\program files\IVT Corporation
2008-12-30 15:07 --------- d-----w c:\program files\Java
2008-12-21 10:39 --------- d-----w c:\program files\Yahoo!
2008-12-21 10:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-04 12:48 259,664 -c--a-w c:\documents and settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 12:16 1,837 -c--a-w c:\windows\inf\COMC5.tmp
2007-12-13 16:34 1,837 -c--a-w c:\windows\inf\COMC6.tmp
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2000-04-19 21:00 6,995 -c--a-w c:\windows\inf\RAMDISK.SYS
2002-12-14 15:41 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-05-31 17:09 80 --sh--r c:\windows\system32\C182FC9913.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-02-17_ 9.30.47.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 11:29:42 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-19 07:49:27 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-20 11:29:42 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-02-19 07:49:27 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-06-20 11:29:42 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-19 07:49:27 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-15 11:20:39 2,030,640 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-17 11:44:39 2,030,640 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-11-18 11:56:05 3,105,400 -c--a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-02-17 14:07:16 363,020 -c--a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-02-19 07:44:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_428.dat
+ 2009-02-19 07:44:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TransTask"="c:\program files\Tweak-XP Pro\transtask.exe" [2003-01-07 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"LVComs"="c:\windows\System32\LVComS.exe" [2000-12-06 86016]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TPSMain"="TPSMain.exe" [2004-05-04 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdhbk]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\sstqolm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmoothView"=c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-01 5632]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-16 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-16 20560]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2008-10-22 215552]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2008-10-22 2688]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-07-05 16194]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-07-05 395840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [2009-02-16 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-07-03 59392]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [2004-10-22 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [2004-10-22 191052]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = 192.168.1.254:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel
IE: Ouvrir avec GetRight
IE: Save Flash with Flash Catcher
IE: Télecharger avec GetRight
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {96E942F3-CEB6-4232-9E62-B98AF335700F} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: network.proxy.http - 193.252.19.3
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 09:15:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2009-02-19 9:19:08
ComboFix-quarantined-files.txt 2009-02-19 08:19:02
ComboFix2.txt 2009-02-18 10:06:09
ComboFix3.txt 2009-02-17 12:16:37
ComboFix4.txt 2009-02-17 10:14:33
ComboFix5.txt 2009-02-19 08:08:33

Avant-CF: 4 388 724 736 octets libres
Après-CF: 4,376,690,688 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
267 --- E O F --- 2009-02-18 10:07:29

What should I do next?

2 replies

toptitbal - Posts: 26224 - Status: Security contributor - 2 232
 
neriowinch - Posts: 68 - Status: Member
 
Nobody to help me, PLEASE ??????