Svchost.exe !!!

Closed
kof87000 - Posts: 66 - Registered: Monday 10 March 2008 - Status: Member - Last active: 16 October 2010 - 16 March 2009 at 12:10
Hello,

I have a serious problem: an error message appeared, so if someone could help me resolve it.

Where can I find the instruction 0x7ffa4512 memory address?

Here is a report from ComboFix:

ComboFix 09-03-15.01 - FAROUK 2009-03-16 11:25:08.22 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1581 [GMT 1:00]
Lancé depuis: c:\documents and settings\FAROUK.XPSP2-62E3F107A\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
.
---- Exécution préalable -------
.
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 10:25 . 2009-03-16 10:25 <REP> d-------- c:\documents and settings\autres\Application Data\MEGAUPLOADTOOLBAR
2009-03-16 10:21 . 2008-02-15 22:58 <REP> d--h----- c:\documents and settings\autres\Voisinage réseau
2009-03-16 10:21 . 2008-02-15 22:58 <REP> d--h----- c:\documents and settings\autres\Voisinage d'impression
2009-03-16 10:21 . 2008-02-15 22:02 <REP> d--h----- c:\documents and settings\autres\Modèles
2009-03-16 10:21 . 2009-03-16 10:22 <REP> dr------- c:\documents and settings\autres\Mes documents
2009-03-16 10:21 . 2008-02-15 22:58 <REP> dr------- c:\documents and settings\autres\Menu Démarrer
2009-03-16 10:21 . 2009-03-16 10:22 <REP> dr------- c:\documents and settings\autres\Favoris
2009-03-16 10:21 . 2008-02-15 22:58 <REP> d-------- c:\documents and settings\autres\Bureau
2009-03-16 10:21 . 2009-03-16 10:54 <REP> d-------- c:\documents and settings\autres
2009-03-16 03:02 . 2009-03-16 03:01 3,470,336 --a------ C:\conex2.avi
2009-03-15 20:57 . 2009-03-15 20:56 1,508,352 --a------ C:\conex.avi
2009-03-11 22:43 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-11 22:43 . 2009-03-11 22:43 385 --a------ c:\windows\ODBC.INI
2009-03-11 22:42 . 2009-03-11 22:42 <REP> d-------- c:\program files\Microsoft.NET
2009-02-27 21:17 . 2009-02-27 21:17 <REP> d-------- c:\program files\ETAJV PC
2009-02-16 12:06 . 2009-03-12 16:52 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-16 12:06 . 2009-03-12 16:52 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-16 12:06 . 2009-02-17 16:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-02-16 12:03 . 2009-02-16 12:03 <REP> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 10:33 --------- d-----w c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\DMCache
2009-03-16 10:17 --------- d-----w c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\Azureus
2009-03-16 10:06 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-03-16 10:03 --------- d-----w c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\MegauploadToolbar
2009-03-13 16:01 --------- d-----w c:\program files\SuperCopier2
2009-02-26 12:12 --------- d-----w c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\Vso
2009-02-21 10:46 --------- d-----w c:\program files\MegauploadToolbar
2009-02-17 13:01 --------- d-----w c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\LimeWire
2009-02-16 15:39 --------- d-----w c:\program files\Google
2009-02-14 13:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 09:17 --------- d-----w c:\program files\Ubisoft
2009-02-08 14:44 --------- d-----w c:\program files\Real Alternative
2009-02-08 14:44 --------- d-----w c:\program files\PC Inspector File Recovery
2009-02-08 14:44 --------- d-----w c:\program files\LimeWire
2009-02-08 12:34 --------- d-----w c:\program files\Jufsoft
2009-02-03 21:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NFS Underground
2009-01-29 12:24 732,113 ----a-w c:\program files\Fichiers communs\unins000.exe
2009-01-29 12:24 3,141 ----a-w c:\program files\Fichiers communs\unins000.dat
2009-01-16 19:10 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-16 19:10 --------- d-----w c:\program files\AGEIA Technologies
2008-04-09 19:41 32 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-07-02 17:18 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-02 17:18 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-02 17:18 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-02 17:18 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-02 17:18 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-03-18 16:05 88 --sh--r c:\windows\system32\4107594D9A.sys
2008-03-18 16:07 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-07-21 11:18 662016 ffe3e6fb8d52955a2de4c6cc765b02bc c:\windows\SoftwareDistribution\Download\29232188b30706c8db3d1b4e5465b0b9\backup\sp2gdr\wininet.dll
2005-07-21 11:18 662016 ffe3e6fb8d52955a2de4c6cc765b02bc c:\windows\SoftwareDistribution\Download\29232188b30706c8db3d1b4e5465b0b9\backup\sp2qfe\wininet.dll
2005-07-21 11:18 662016 ffe3e6fb8d52955a2de4c6cc765b02bc c:\windows\SoftwareDistribution\Download\a0a06594bec34f1a4bfbddf6cd27d688\backup\sp2gdr\wininet.dll
2005-07-21 11:18 662016 ffe3e6fb8d52955a2de4c6cc765b02bc c:\windows\SoftwareDistribution\Download\a0a06594bec34f1a4bfbddf6cd27d688\backup\sp2qfe\wininet.dll
2005-07-21 11:18 662016 ffe3e6fb8d52955a2de4c6cc765b02bc c:\windows\system32\wininet.dll

2005-07-23 11:37 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\backup\sp2gdr\ntkrnlpa.exe
2005-07-21 12:14 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\backup\sp2qfe\ntkrnlpa.exe
2005-07-23 11:37 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\SoftwareDistribution\Download\a97bd412ef78c20b97d5d1e3965f7491\backup\sp2gdr\ntkrnlpa.exe
2005-07-21 11:14 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\SoftwareDistribution\Download\a97bd412ef78c20b97d5d1e3965f7491\backup\sp2qfe\ntkrnlpa.exe
2005-07-23 11:37 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\system32\ntkrnlpa.exe

2005-07-21 11:18 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\backup\sp2gdr\ntoskrnl.exe
2005-07-21 12:14 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\backup\sp2qfe\ntoskrnl.exe
2005-07-21 11:18 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\SoftwareDistribution\Download\a97bd412ef78c20b97d5d1e3965f7491\backup\sp2gdr\ntoskrnl.exe
2005-07-21 11:14 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\SoftwareDistribution\Download\a97bd412ef78c20b97d5d1e3965f7491\backup\sp2qfe\ntoskrnl.exe
2005-07-21 11:18 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-03-06_16.47.42.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-11 21:43:18 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-03-11 21:43:18 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-03-11 21:43:18 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2009-03-11 21:43:18 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-03-11 21:43:17 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-03-11 21:43:19 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-03-11 21:43:42 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-11 21:43:42 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-11 21:43:42 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-11 21:43:42 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-11 21:43:42 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-11 21:43:42 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-11 21:43:42 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-11 21:43:42 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-11 21:43:42 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-11 21:43:42 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-11 21:43:42 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-11 21:43:42 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-11 21:43:42 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2003-08-03 17:56:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL
+ 2003-07-31 18:46:08 42,128 ----a-w c:\windows\system32\FM20FRA.DLL
- 2009-02-08 18:21:30 1,483,808 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-12 09:41:27 1,501,544 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 1999-03-15 11:52:52 57,344 ----a-w c:\windows\system32\MFC42FRA.DLL
+ 1999-04-06 16:06:14 7,680 ----a-w c:\windows\system32\MSPRPFR.DLL
+ 2000-05-11 12:06:20 397,312 ----a-w c:\windows\system32\MSRDO20.DLL
+ 2000-05-24 05:45:58 118,784 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 1998-08-09 18:07:34 94,208 ----a-w c:\windows\system32\MSSTKPRP.DLL
- 2009-03-06 13:21:07 58,732 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-16 10:24:05 58,732 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-06 13:21:07 71,488 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-03-16 10:24:05 71,488 ----a-w c:\windows\system32\perfc00C.dat
- 2009-03-06 13:21:07 392,432 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-16 10:24:05 392,432 ----a-w c:\windows\system32\perfh009.dat
- 2009-03-06 13:21:07 458,648 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-03-16 10:24:05 458,648 ----a-w c:\windows\system32\perfh00C.dat
+ 2000-04-03 16:52:54 151,552 ----a-w c:\windows\system32\RDOCURS.DLL
+ 1998-03-25 04:54:08 15,872 ----a-w c:\windows\system32\SCP32.DLL
+ 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2003-06-19 00:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 1999-11-25 01:40:50 40,960 ----a-w c:\windows\system32\VBAME.DLL
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-03-11 2562560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"FG_Monitor"="c:\documents and settings\FAROUK.XPSP2-62E3F107A\Mes documents\Updater5\Folder Guard\FGKey.exe" [2007-02-25 132680]
"EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-08 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Administrateur.XPSP2-62E3F107A\Menu Démarrer\Programmes\Démarrage\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Fichiers communs\Sonic Shared\cinetray.exe [2002-09-18 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskManager"= 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-11-29 11:42 44400 c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25666:TCP"= 25666:TCP:BitComet 25666 TCP
"25666:UDP"= 25666:UDP:BitComet 25666 UDP

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-07-23 25067]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-11-26 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-11-26 258305]
R2 AVEService;Service d'assistance Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-11-26 41217]
R2 FGUARD32;FGUARD32;c:\documents and settings\FAROUK.XPSP2-62E3F107A\Mes documents\Updater5\Folder Guard\FGUARD32.SYS [2008-02-25 48896]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [2008-03-19 10096]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2008-02-15 349184]
S3 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2008-12-10 446464]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e625a1-2024-11dd-b7e5-00d0d715f762}]
\Shell\AUTOPlay\comMand - H:\hpcr.pif
\Shell\AutoRun\command - H:\hpcr.pif
\Shell\EXplORE\CoMMAnD - H:\hpcr.pif
\Shell\opEn\coMmAnd - H:\hpcr.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e625a2-2024-11dd-b7e5-00d0d715f762}]
\ShEll\AutOpLAy\comMANd - I:\mfuf.cmd
\ShEll\AutoRun\command - I:\mfuf.cmd
\ShEll\eXPlorE\COmmaNd - I:\mfuf.cmd
\ShEll\OpeN\cOmmand - I:\mfuf.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d689c44-1173-11dd-b7c6-00d0d715f762}]
\Shell\AutoRun\command - copetttt.com
\Shell\explore\Command - copetttt.com
\Shell\open\Command - copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c9b87fd-1538-11dd-b7cc-00d0d715f762}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62ccc3b2-7813-11dd-b89f-00d0d715f762}]
\Shell\AutoRun\command - G:\ph.com
\Shell\explore\Command - G:\ph.com
\Shell\open\Command - G:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a00a1ab-1c34-11dd-b7dc-00d0d715f762}]
\Shell\AutoRun\command - G:\ph.com
\Shell\explore\Command - G:\ph.com
\Shell\open\Command - G:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29d6266-e00c-11dc-875f-00d0d715f762}]
\Shell\AutoRun\command - F:\semo2x.exe
\Shell\explore\Command - F:\semo2x.exe
\Shell\open\Command - F:\semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73f9647-3a16-11dd-b809-00d0d715f762}]
\Shell\AutoRun\command - F:\pkxfkrki.bat
\Shell\explore\Command - F:\pkxfkrki.bat
\Shell\open\Command - F:\pkxfkrki.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 20:51]

2009-03-16 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arriere-plan
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?014e4615af1b4850954270c4fe87a95b
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?014e4615af1b4850954270c4fe87a95b
LSP: avsda.dll
TCP: {4A9B748C-71AB-48CB-80F1-5F5E3E5C2A5F} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\Mozilla\Firefox\Profiles\7ry6jt5p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\Mozilla\Firefox\Profiles\7ry6jt5p.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\inspector.dll
FF - component: c:\documents and settings\FAROUK.XPSP2-62E3F107A\Application Data\Mozilla\Firefox\Profiles\7ry6jt5p.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 11:32:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1614895754-706699826-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5362D0BB-70B6-F60A-F57D-ED01EC4388EE}*]
"pacpjbpnkealkcjcldjgahgemghjckbp"=hex:69,61,6c,6b,67,62,66,67,65,6c,6b,68,6c,
6b,69,69,6e,69,00,00

[HKEY_USERS\S-1-5-21-1614895754-706699826-1801674531-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a0,66,93,10,a6,09,de,75,b5,b1,5e,05,55,5e,d1,f6,8d,74,ed,e2,ad,dc,42,
14,e8,bc,9e,62,d1,16,e9,01,86,d4,0a,7b,06,5a,c3,7c,ed,5a,1e,da,12,6e,34,18,\
"??"=hex:2f,25,74,5e,ca,fb,3f,5b,fe,27,a4,b3,a1,76,4b,3e

[HKEY_USERS\S-1-5-21-1614895754-706699826-1801674531-1003\SOFTWARE\SecuROM\License information*]
"datasecu"=hex:a0,9b,eb,e2,31,e6,4e,f0,fc,e4,5c,cb,7f,a9,ee,3c,be,a0,6c,3e,e6,
36,00,4d,d0,93,95,d5,e6,1f,58,a7,5a,f4,39,e6,81,a9,81,93,28,82,aa,3e,82,22,\
"rkeysecu"=hex:77,73,58,91,d9,15,5a,10,0a,ba,ff,a0,1b,81,fc,f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fb,06,ac,83,c4,8f,4a,3d,6f,54,8a,ff,f8,4e,b0,ca,25,7d,aa,b0,d4,
17,a6,ee,7f,84,6b,fe,4c,ee,e0,6f,14,02,75,f1,91,af,22,58,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7960ae40-1999-44ee-9733-e3c2f7adb218}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:00000015

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):72,eb,c4,5c,05,f8,34,eb,ad,64,f4,00,ef,8f,39,4e,82,5a,ca,b3,c7,
25,22,e7,f0,f2,82,7c,ee,bd,5c,ff,85,21,32,db,b3,97,12,ec,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a56571d0-b465-4e6a-a7f2-11b81107aebc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000086
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1176)
c:\windows\system32\fsp_lmwl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Lock My PC 4\lockpc.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\WhiteCanyon\SecureClean 4\SCWatch4.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2009-03-16 11:37:04 - La machine a redémarré [FAROUK]
ComboFix-quarantined-files.txt 2009-03-16 10:37:01
ComboFix2.txt 2009-03-09 20:15:49
ComboFix3.txt 2009-03-06 15:48:46
ComboFix4.txt 2009-02-18 17:18:18
ComboFix5.txt 2009-03-13 15:43:43

Avant-CF: 19,582,439,424 octets libres
Après-CF: 19,568,168,960 octets libres

346 --- E O F --- 2008-04-08 07:00:45




Thanks in advance.