Infection contained?
Monsieurpatrick (Member, 104 posts)
pimprenelle27 (Security contributor, 22182 posts)
Hello,
I am infected with "tdss.au". I ran ComboFix and then UsbFix; here are the results:
ComboFix:
ComboFix 09-05-13.02 - Administrateur 14/05/2009 0:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2673 [GMT 2:00]
Lancé depuis: d:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\autorun.inf
d:\documents and settings\Administrateur\Application Data\inst.exe
d:\windows\system32\drivers\gxvxcxjexeprlnmwviwwbuekhyrirsntyqxal.sys
d:\windows\system32\gxvxcbvmxvdylkixesqeeibbsdrpaaqpwaxth.dll
d:\windows\system32\gxvxccounter
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-13 au 2009-05-13 ))))))))))))))))))))))))))))))))))))
.
2009-05-12 15:59 . 2009-05-12 16:06 43520 ----a-w d:\windows\system32\CmdLineExt03.dll
2009-05-12 15:41 . 2009-05-12 15:46 -------- d-----w d:\documents and settings\Administrateur\Application Data\GlarySoft
2009-05-12 15:35 . 2009-05-12 15:35 -------- d-----w d:\program files\Glary Utilities
2009-05-12 15:27 . 2009-05-12 15:27 -------- d-----w d:\documents and settings\NetworkService\Bureau
2009-05-12 13:25 . 2009-05-12 13:25 -------- d-----w d:\documents and settings\All Users\Application Data\vsosdk
2009-05-12 12:32 . 2009-05-12 12:32 47360 ----a-w d:\documents and settings\Administrateur\Application Data\pcouffin.sys
2009-05-12 12:32 . 2009-05-12 12:32 -------- d-----w d:\documents and settings\Administrateur\Application Data\Vso
2009-05-12 12:32 . 2009-05-12 13:41 -------- d-----w d:\program files\DVDFab 5
2009-05-12 11:04 . 2009-05-12 11:04 -------- d-----w d:\temp\DVDXPRESS
2009-05-12 09:38 . 2009-05-12 12:32 47360 ----a-w d:\windows\system32\drivers\pcouffin.sys
2009-05-12 09:37 . 2009-05-12 09:48 -------- d-----w d:\program files\321Studios
2009-05-12 09:32 . 2009-05-12 09:32 -------- d--h--w d:\windows\PIF
2009-05-12 09:11 . 2009-05-12 09:12 -------- d-----w d:\documents and settings\Administrateur\Application Data\GetRightToGo
2009-05-12 08:02 . 2009-05-12 08:09 -------- d-----w d:\temp\sky captain
2009-05-12 07:22 . 2009-05-12 07:22 -------- d-----w d:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-12 07:22 . 2009-05-12 07:22 -------- d-----w d:\program files\DVD Shrink
2009-05-12 06:24 . 2009-05-12 06:24 -------- d-----w d:\documents and settings\NetworkService\Application Data\Roxio
2009-05-11 15:51 . 2009-05-11 15:51 -------- d-----w d:\program files\Smart Projects
2009-05-11 11:51 . 2009-05-11 11:51 -------- d-----w d:\program files\DVD Decrypter
2009-05-11 10:22 . 2009-05-11 10:24 -------- d-----w d:\documents and settings\Administrateur\Application Data\Roxio
2009-05-11 10:21 . 2009-05-11 10:21 -------- d-----w d:\documents and settings\All Users\Application Data\Sonic
2009-05-11 10:20 . 2009-05-12 06:23 -------- d-----w d:\documents and settings\All Users\Application Data\Roxio
2009-05-11 10:20 . 2009-05-11 10:21 -------- d-----w d:\program files\Fichiers communs\Sonic Shared
2009-05-11 10:20 . 2009-05-11 10:21 -------- d-----w d:\program files\Roxio
2009-05-11 10:20 . 2009-05-11 10:20 -------- d-----w d:\program files\Fichiers communs\Roxio Shared
2009-05-11 10:20 . 2009-05-11 10:20 -------- d-----w d:\program files\DivX
2009-05-07 23:09 . 2009-05-07 23:09 -------- d-----w d:\documents and settings\Administrateur\Local Settings\Application Data\Ahead
2009-05-07 12:57 . 2009-05-07 12:58 -------- d-----w d:\documents and settings\Administrateur\Application Data\InfraRecorder
2009-05-07 12:57 . 2009-05-07 12:57 -------- d-----w d:\program files\InfraRecorder
2009-05-07 12:48 . 2009-05-07 12:48 -------- d-----w d:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
2009-05-07 12:48 . 2009-05-07 12:48 -------- d-----w d:\program files\CDBurnerXP
2009-05-07 12:06 . 2009-05-12 11:04 -------- d-----w D:\Temp
2009-05-07 12:05 . 1998-07-21 22:00 102160 ----a-w d:\windows\system32\VB6KO.DLL
2009-05-07 12:05 . 2006-02-17 12:19 16384 ----a-w d:\windows\system32\lgfwunis.exe
2009-05-07 12:05 . 2009-05-13 21:27 -------- d-----w d:\program files\lg_fwupdate
2009-05-06 11:15 . 2009-05-06 11:15 -------- d-----w d:\program files\vso
2009-05-06 11:07 . 2009-03-17 08:38 364544 ----a-w d:\windows\system32\MACDll.dll
2009-05-06 11:07 . 2009-05-06 12:49 -------- d-----w d:\program files\Monkey's Audio
2009-05-02 09:26 . 2009-05-12 16:01 -------- d-----w d:\documents and settings\Administrateur\Application Data\foobar2000
2009-05-02 09:26 . 2009-05-02 09:26 -------- d-----w d:\program files\foobar2000
2009-04-30 00:07 . 2009-02-03 19:58 56832 -c----w d:\windows\system32\dllcache\secur32.dll
2009-04-30 00:07 . 2009-03-21 14:07 1054720 -c----w d:\windows\system32\dllcache\kernel32.dll
2009-04-30 00:07 . 2009-02-20 17:18 78336 -c----w d:\windows\system32\dllcache\ieencode.dll
2009-04-30 00:05 . 2008-06-12 14:22 956928 -c----w d:\windows\system32\dllcache\msdtctm.dll
2009-04-30 00:05 . 2008-06-12 14:22 66560 -c----w d:\windows\system32\dllcache\mtxclu.dll
2009-04-30 00:05 . 2008-06-12 14:22 161792 -c----w d:\windows\system32\dllcache\msdtcuiu.dll
2009-04-30 00:05 . 2008-06-12 14:22 91648 -c----w d:\windows\system32\dllcache\mtxoci.dll
2009-04-30 00:05 . 2008-06-12 14:22 58880 -c----w d:\windows\system32\dllcache\msdtclog.dll
2009-04-30 00:04 . 2009-02-06 10:15 227840 -c----w d:\windows\system32\dllcache\wmiprvse.exe
2009-04-30 00:04 . 2009-02-09 10:56 473600 -c----w d:\windows\system32\dllcache\fastprox.dll
2009-04-30 00:04 . 2009-03-06 13:50 286720 -c----w d:\windows\system32\dllcache\pdh.dll
2009-04-30 00:04 . 2009-02-09 10:56 401408 -c----w d:\windows\system32\dllcache\rpcss.dll
2009-04-30 00:04 . 2009-02-06 10:36 35328 -c----w d:\windows\system32\dllcache\sc.exe
2009-04-30 00:04 . 2009-02-09 11:16 111104 -c----w d:\windows\system32\dllcache\services.exe
2009-04-30 00:04 . 2009-02-09 10:56 735744 -c----w d:\windows\system32\dllcache\lsasrv.dll
2009-04-30 00:04 . 2009-02-09 10:56 453120 -c----w d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-30 00:04 . 2009-02-09 10:56 740352 -c----w d:\windows\system32\dllcache\ntdll.dll
2009-04-30 00:03 . 2008-12-16 12:31 354304 -c----w d:\windows\system32\dllcache\winhttp.dll
2009-04-30 00:03 . 2008-04-21 21:15 219136 -c----w d:\windows\system32\dllcache\wordpad.exe
2009-04-25 22:12 . 2005-06-24 14:24 438272 ----a-r d:\windows\system32\vp6vfw.dll
2009-04-25 22:12 . 2009-04-25 22:12 -------- d-----w d:\program files\Electronic Arts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 21:16 . 2008-12-29 13:46 -------- d-----w d:\program files\Nero
2009-05-13 07:13 . 2008-04-14 12:00 81626 ----a-w d:\windows\system32\perfc00C.dat
2009-05-13 07:13 . 2008-04-14 12:00 503628 ----a-w d:\windows\system32\perfh00C.dat
2009-05-12 15:54 . 2008-12-29 13:49 -------- d--h--w d:\program files\InstallShield Installation Information
2009-05-11 11:56 . 2009-01-13 03:17 65552 ----a-w d:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 12:05 . 2009-01-10 20:14 -------- d-----w d:\program files\Fichiers communs\InstallShield
2009-04-25 22:16 . 2008-12-29 13:49 -------- d-----w d:\program files\XnView
2009-04-08 14:13 . 2009-04-08 14:13 -------- d-----w d:\program files\iTunes
2009-04-08 14:13 . 2009-04-08 14:13 -------- d-----w d:\program files\iPod
2009-04-08 14:13 . 2009-01-12 10:22 -------- d-----w d:\program files\Fichiers communs\Apple
2009-04-08 14:12 . 2008-12-29 13:50 -------- d-----w d:\program files\QT Lite
2009-04-01 13:30 . 2009-02-16 17:08 -------- d-----w d:\program files\AviSynth 2.5
2009-04-01 13:29 . 2009-02-16 17:09 -------- d-----w d:\program files\MKVtoolnix
2009-03-30 11:58 . 2009-02-16 17:05 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:34 . 2009-03-28 22:34 -------- d-----w d:\program files\Panda Security
2009-03-26 14:49 . 2009-02-16 17:05 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 . 2009-02-16 17:05 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-03-25 16:31 . 2009-03-25 16:31 -------- d-----w d:\program files\Fichiers communs\Remote Control Software Common
2009-03-25 16:31 . 2009-03-25 16:30 -------- d-----w d:\program files\Logitech
2009-03-25 16:30 . 2009-03-25 16:30 -------- d-----w d:\program files\Fichiers communs\Remote Control USB Driver
2009-03-25 16:30 . 2009-03-25 16:30 127034 ------r d:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-22 14:28 . 2009-03-22 14:28 -------- d-----w d:\program files\Bonjour
2009-03-19 14:32 . 2009-01-12 10:23 23400 ----a-w d:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 13:50 . 2008-04-14 12:00 286720 ----a-w d:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-22 14:34 1900544 ----a-w d:\windows\system32\usbaaplrc.dll
2009-03-05 22:59 . 2009-01-12 10:22 36864 ----a-w d:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:15 . 2008-09-27 10:27 828416 ----a-w d:\windows\system32\wininet.dll
2009-02-20 17:18 . 2008-08-28 14:33 78336 ----a-w d:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2008-09-27 10:27 517632 EF31A8266AF7996746392E4F45502536 d:\windows\system32\user32.dll
[-] 2008-09-27 10:27 593408 4BB6301D634C857A5089E8B24C5555E4 d:\windows\system32\winlogon.exe
[-] 2008-09-27 10:24 1573888 BFBBBFE0913E6C9706F97598A6588B8F d:\windows\explorer.exe
[-] 2008-09-27 10:24 37376 B3D95BCB6D0B033BEBFB81FADDA8B8AC d:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-01-21 5724184]
"ccleaner"="d:\program files\CCleaner\CCleaner.exe" [2009-05-07 1561840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe" [2006-02-20 245760]
"RoxWatchTray"="d:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" - d:\windows\system32\advpack.dll [2009-02-20 124928]
"SweetRegistry"="advpack.dll" - d:\windows\system32\advpack.dll [2009-02-20 124928]
d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-25 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="d:\recycler\S-1-5-21-1862839621-5540393323-896954885-2365\rundll32.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk /r \??\f:\0autocheck autochk /r \??\F:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QT Lite\QTTask.exe" -atboottime
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SoundMAXPnP"=d:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [29/03/2009 00:35 28544]
R1 LUMDriver;LUMDriver;d:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17:52 16688]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 BBDemon;Backbone Service;f:\dassault systemes\B18\intel_a\code\bin\CATSysDemon.exe [04/05/2007 14:24 36864]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [24/10/2008 21:51 468224]
S3 CrystalSysInfo;CrystalSysInfo;d:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B}]
rundll32.exe advpack.dll,LaunchINFSection d:\windows\INF\firefox.inf,PerUserStub
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
rundll32 advpack.dll,LaunchINFSection d:\windows\INF\ie.inf,IE7Stub
.
Contenu du dossier 'Tâches planifiées'
2009-05-02 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-13 d:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2009-05-12 07:49]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-TuneUp MemOptimizer - d:\program files\TuneUp Utilities 2009\MemOptimizer.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - d:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin7.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 00:51
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-746137067-492894223-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,6a,0b,1f,04,b0,1a,5a,ed,23,54,ef,5e,3d,91,6b,0b,30,0b,51,e6,31,ce,
18,d4,d9,80,12,ec,2f,e9,29,3d,8e,2c,41,fa,6c,6d,af,3a,8d,fa,a0,6a,1a,c7,37,\
"??"=hex:23,90,c0,b6,71,dc,7a,f0,c7,08,a8,91,a7,61,f4,e8
[HKEY_USERS\S-1-5-21-746137067-492894223-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:00,7b,dc,4f,70,f1,ec,36,83,93,65,fe,d8,74,82,46,78,f8,b7,ae,9e,
07,47,aa,88,19,fb,3c,60,03,72,26,e7,06,da,ca,53,ca,e2,4e,53,75,68,49,f9,88,\
"rkeysecu"=hex:79,31,c1,9c,55,76,a0,2d,58,97,07,dc,df,87,eb,5b
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1628)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\COMRes.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1684)
d:\windows\system32\setupapi.dll
d:\windows\system32\scecli.dll
.
Heure de fin: 2009-05-13 0:52
ComboFix-quarantined-files.txt 2009-05-13 22:52
Avant-CF: 17 957 183 488 octets libres
Après-CF: 18 117 238 784 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
269 --- E O F --- 2009-05-13 22:01
---------------------------------------------------------
Then UsbFix in search mode:
############################## [ UsbFix V3.019 # Scan ]
# User : Administrateur (Administrateurs) # SWEET-61E1FFE39
# Update on 13/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 01:09:11 | 14/05/2009
# Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : ESET Smart Security 3.0 3.0 [ (!) Disabled | Updated ]
# FW : Pare-feu personnel d'ESET[ Enabled ]3.0.684.0
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (6,14 Go free) # NTFS
# D:\ # Disque fixe local # 34,46 Go (16,96 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 298,09 Go (11,97 Go free) [LACIE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: egui="D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
HKLM_Run: VirtualCloneDrive="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM_Run: LGODDFU="D:\Program Files\lg_fwupdate\fwupdate.exe"
HKLM_Run: RoxWatchTray="D:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: msnmsgr="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: ccleaner="D:\Program Files\CCleaner\CCleaner.exe" /AUTO
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\windows nt\currentversion\winlogon\\ "Taskman"
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ ! Fin du rapport # UsbFix V3.019 ! ]
-------------------------------------------------------------------------------------------
And finally the UsbFix cleaning run:
############################## [ UsbFix V3.019 # Cleaning ]
# User : Administrateur (Administrateurs) # SWEET-61E1FFE39
# Update on 13/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 01:21:47 | 14/05/2009
# Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : ESET Smart Security 3.0 3.0 [ Enabled | Updated ]
# FW : Pare-feu personnel d'ESET[ Enabled ]3.0.684.0
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (6,14 Go free) # NTFS
# D:\ # Disque fixe local # 34,46 Go (16,93 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 298,09 Go (11,97 Go free) [LACIE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\logonui.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon\\ "Taskman"
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ Listing des fichiers présent ]
[25/10/2008 17:20|--a------|0] - C:\AUTOEXEC.BAT
[29/12/2008 15:22|--a------|212] - C:\Boot.bak
[14/05/2009 00:43|-rahs----|282] - C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[25/10/2008 17:20|--a------|0] - C:\CONFIG.SYS
[10/01/2009 22:22|--a------|199] - C:\DARE.INI
[12/05/2009 10:04|--a------|33] - C:\DVDFab_Info.txt
[26/04/2009 17:03|--a------|15931] - C:\GF_Excpt.txt
[25/10/2008 17:20|-rahs----|0] - C:\IO.SYS
[25/03/2009 14:06|--a------|4194322] - C:\memory_map.tga
[16/02/2009 19:42|--a------|5615] - C:\mkv.txt
[16/02/2009 19:51|--a------|653] - C:\mpeg.txt
[25/10/2008 17:20|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] - C:\ntldr
[17/02/2009 17:48|--a------|23645] - C:\TurokGame.dmp
[14/05/2009 00:52|--a------|18847] - D:\ComboFix.txt
[?|?|?] - D:\pagefile.sys
[14/05/2009 01:22|--a------|3255] - D:\UsbFix.txt
[03/02/2008 02:00|--ah-----|6148] - F:\.DS_Store
[02/02/2008 20:38|--ah-----|4096] - F:\._.Trashes
[02/03/9999 04:37|--a------|401720] - F:\HiJackThis.exe
[07/09/2008 00:59|--a------|1542] - F:\hijackthis.log
[02/06/2002 16:23|--a------|267264] - F:\MuseDrop.exe
[16/02/2009 13:46|--a------|243] - F:\MuseDrop.ini
[07/09/2008 00:49|--a------|438] - F:\Raccourci vers HiJackThis.lnk
[09/08/2008 12:30|--a------|452608] - F:\ToolsCleaner2.exe
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.019 ! ]
So my question is: is my machine still infected? Given how it behaves I think so, but I would rather ask the experts.
Thanks in advance for your replies.
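An added example for this thread, not code from the original post or from the ComboFix/UsbFix tools: a small Python triage script that applies the checks an analyst would run over the logs above. The sample log is constructed from the indicator lines visible in this post (the gxvxc-prefixed driver, DLL and service, the Winlogon Taskman value pointing into RECYCLER, the Security Center, firewall and AV flags) plus one benign driver line that must not be flagged. The SID check relies on Windows SID sub-authorities being unsigned 32-bit values, so the 5540393323 in the Taskman path cannot belong to a real account. Function names, severities and the 24-letter threshold are this example's own assumptions.

```python
"""Triage ComboFix / UsbFix log lines for TDSS-style rootkit indicators.

Added example for this thread, not code from the original post or from the
ComboFix/UsbFix tools. Names and thresholds below are this example's own.
"""
import re
from typing import List, Tuple

# Constructed sample: indicator lines copied from the posted logs, plus one
# benign driver line (mbamswissarmy.sys) that must not be flagged.
SAMPLE_LOG = r"""
d:\windows\system32\drivers\gxvxcxjexeprlnmwviwwbuekhyrirsntyqxal.sys
d:\windows\system32\gxvxcbvmxvdylkixesqeeibbsdrpaaqpwaxth.dll
d:\windows\system32\gxvxccounter
-------\Service_GXVXCSERV.SYS
"Taskman"="d:\recycler\S-1-5-21-1862839621-5540393323-896954885-2365\rundll32.exe"
"UpdatesDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
d:\windows\system32\drivers\mbamswissarmy.sys
"""

Finding = Tuple[str, str]  # (severity, description)

# Prefix used by the TDSS variant in this log (gxvxc*.sys / gxvxc*.dll / GXVXCSERV).
TDSS_PREFIX = re.compile(r"(?i)(gxvxc\w*)")
# Generic heuristic: a .sys/.dll under system32 whose basename is a long run of
# letters only (random-named droppers); 24 is an assumed threshold.
RANDOM_NAME = re.compile(r"(?i)\\system32\\(?:drivers\\)?([a-z]{24,})\.(?:sys|dll)\b")
TASKMAN = re.compile(r'(?i)"Taskman"="([^"]+)"')
SID = re.compile(r"S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)")
MAX_SUBAUTH = 2**32 - 1  # SID sub-authorities are unsigned 32-bit values


def sid_is_plausible(text: str) -> bool:
    """True if the first S-1-5-21 SID in text has only 32-bit sub-authorities."""
    m = SID.search(text)
    return bool(m) and all(int(part) <= MAX_SUBAUTH for part in m.groups())


def triage(log: str) -> List[Finding]:
    """Return (severity, description) findings for each suspicious line."""
    findings: List[Finding] = []
    for line in log.splitlines():
        if m := TDSS_PREFIX.search(line):
            findings.append(("high", f"TDSS-family artifact: {m.group(1)}"))
        elif m := RANDOM_NAME.search(line):
            findings.append(("medium", f"random-looking driver/DLL name: {m.group(1)}"))
        if m := TASKMAN.search(line):
            path = m.group(1)
            # Winlogon\Taskman is normally absent on XP; a value under RECYCLER is
            # the persistence seen in this log.
            severity = "high" if "recycler" in path.lower() else "medium"
            findings.append((severity, f"Winlogon Taskman set: {path}"))
            if not sid_is_plausible(path):
                findings.append(("high", "Taskman path uses a fabricated SID "
                                         "(sub-authority exceeds 32 bits)"))
        if re.search(r'(?i)"UpdatesDisableNotify"=dword:0*1\b', line):
            findings.append(("low", "Security Center update notifications disabled"))
        if re.search(r'(?i)"EnableFirewall"=\s*0\b', line):
            findings.append(("low", "Windows Firewall disabled (standard profile)"))
        if re.search(r"(?i)on-access scanning disabled", line):
            findings.append(("medium", "resident AV on-access scanning disabled"))
    return findings


def has_rootkit_indicators(findings: List[Finding]) -> bool:
    """True when at least one 'high' finding is present."""
    return any(severity == "high" for severity, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, description in results:
        print(f"[{severity:6}] {description}")
    print("rootkit indicators:", has_rootkit_indicators(results))
```

The checks only see what the scanner already wrote down, so an empty result says nothing about a driver that hides from user-mode tools; read it together with the catchme section of the ComboFix log (hidden files: 0) and with the "Taskman" and "Autorun.inf" entries UsbFix reports as deleted.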
2009-04-25 22:16 . 2008-12-29 13:49 -------- d-----w d:\program files\XnView
2009-04-08 14:13 . 2009-04-08 14:13 -------- d-----w d:\program files\iTunes
2009-04-08 14:13 . 2009-04-08 14:13 -------- d-----w d:\program files\iPod
2009-04-08 14:13 . 2009-01-12 10:22 -------- d-----w d:\program files\Fichiers communs\Apple
2009-04-08 14:12 . 2008-12-29 13:50 -------- d-----w d:\program files\QT Lite
2009-04-01 13:30 . 2009-02-16 17:08 -------- d-----w d:\program files\AviSynth 2.5
2009-04-01 13:29 . 2009-02-16 17:09 -------- d-----w d:\program files\MKVtoolnix
2009-03-30 11:58 . 2009-02-16 17:05 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:34 . 2009-03-28 22:34 -------- d-----w d:\program files\Panda Security
2009-03-26 14:49 . 2009-02-16 17:05 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 . 2009-02-16 17:05 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-03-25 16:31 . 2009-03-25 16:31 -------- d-----w d:\program files\Fichiers communs\Remote Control Software Common
2009-03-25 16:31 . 2009-03-25 16:30 -------- d-----w d:\program files\Logitech
2009-03-25 16:30 . 2009-03-25 16:30 -------- d-----w d:\program files\Fichiers communs\Remote Control USB Driver
2009-03-25 16:30 . 2009-03-25 16:30 127034 ------r d:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-22 14:28 . 2009-03-22 14:28 -------- d-----w d:\program files\Bonjour
2009-03-19 14:32 . 2009-01-12 10:23 23400 ----a-w d:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 13:50 . 2008-04-14 12:00 286720 ----a-w d:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-22 14:34 1900544 ----a-w d:\windows\system32\usbaaplrc.dll
2009-03-05 22:59 . 2009-01-12 10:22 36864 ----a-w d:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:15 . 2008-09-27 10:27 828416 ----a-w d:\windows\system32\wininet.dll
2009-02-20 17:18 . 2008-08-28 14:33 78336 ----a-w d:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2008-09-27 10:27 517632 EF31A8266AF7996746392E4F45502536 d:\windows\system32\user32.dll
[-] 2008-09-27 10:27 593408 4BB6301D634C857A5089E8B24C5555E4 d:\windows\system32\winlogon.exe
[-] 2008-09-27 10:24 1573888 BFBBBFE0913E6C9706F97598A6588B8F d:\windows\explorer.exe
[-] 2008-09-27 10:24 37376 B3D95BCB6D0B033BEBFB81FADDA8B8AC d:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-01-21 5724184]
"ccleaner"="d:\program files\CCleaner\CCleaner.exe" [2009-05-07 1561840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe" [2006-02-20 245760]
"RoxWatchTray"="d:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" - d:\windows\system32\advpack.dll [2009-02-20 124928]
"SweetRegistry"="advpack.dll" - d:\windows\system32\advpack.dll [2009-02-20 124928]
d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-25 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="d:\recycler\S-1-5-21-1862839621-5540393323-896954885-2365\rundll32.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk /r \??\f:\0autocheck autochk /r \??\F:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QT Lite\QTTask.exe" -atboottime
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SoundMAXPnP"=d:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [29/03/2009 00:35 28544]
R1 LUMDriver;LUMDriver;d:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17:52 16688]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 BBDemon;Backbone Service;f:\dassault systemes\B18\intel_a\code\bin\CATSysDemon.exe [04/05/2007 14:24 36864]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [24/10/2008 21:51 468224]
S3 CrystalSysInfo;CrystalSysInfo;d:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B}]
rundll32.exe advpack.dll,LaunchINFSection d:\windows\INF\firefox.inf,PerUserStub
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
rundll32 advpack.dll,LaunchINFSection d:\windows\INF\ie.inf,IE7Stub
.
Contenu du dossier 'Tâches planifiées'
2009-05-02 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-13 d:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2009-05-12 07:49]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-TuneUp MemOptimizer - d:\program files\TuneUp Utilities 2009\MemOptimizer.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - d:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QT Lite\Plugins\npqtplugin7.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 00:51
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-746137067-492894223-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,6a,0b,1f,04,b0,1a,5a,ed,23,54,ef,5e,3d,91,6b,0b,30,0b,51,e6,31,ce,
18,d4,d9,80,12,ec,2f,e9,29,3d,8e,2c,41,fa,6c,6d,af,3a,8d,fa,a0,6a,1a,c7,37,\
"??"=hex:23,90,c0,b6,71,dc,7a,f0,c7,08,a8,91,a7,61,f4,e8
[HKEY_USERS\S-1-5-21-746137067-492894223-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:00,7b,dc,4f,70,f1,ec,36,83,93,65,fe,d8,74,82,46,78,f8,b7,ae,9e,
07,47,aa,88,19,fb,3c,60,03,72,26,e7,06,da,ca,53,ca,e2,4e,53,75,68,49,f9,88,\
"rkeysecu"=hex:79,31,c1,9c,55,76,a0,2d,58,97,07,dc,df,87,eb,5b
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1628)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\COMRes.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1684)
d:\windows\system32\setupapi.dll
d:\windows\system32\scecli.dll
.
Heure de fin: 2009-05-13 0:52
ComboFix-quarantined-files.txt 2009-05-13 22:52
Avant-CF: 17 957 183 488 octets libres
Après-CF: 18 117 238 784 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
269 --- E O F --- 2009-05-13 22:01
---------------------------------------------------------
Then UsbFix, search mode:
############################## [ UsbFix V3.019 # Scan ]
# User : Administrateur (Administrateurs) # SWEET-61E1FFE39
# Update on 13/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 01:09:11 | 14/05/2009
# Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : ESET Smart Security 3.0 3.0 [ (!) Disabled | Updated ]
# FW : Pare-feu personnel d'ESET[ Enabled ]3.0.684.0
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (6,14 Go free) # NTFS
# D:\ # Disque fixe local # 34,46 Go (16,96 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 298,09 Go (11,97 Go free) [LACIE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: egui="D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
HKLM_Run: VirtualCloneDrive="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM_Run: LGODDFU="D:\Program Files\lg_fwupdate\fwupdate.exe"
HKLM_Run: RoxWatchTray="D:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: msnmsgr="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: ccleaner="D:\Program Files\CCleaner\CCleaner.exe" /AUTO
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\windows nt\currentversion\winlogon\\ "Taskman"
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ ! Fin du rapport # UsbFix V3.019 ! ]
-------------------------------------------------------------------------------------------
And finally the UsbFix cleaning run:
############################## [ UsbFix V3.019 # Cleaning ]
# User : Administrateur (Administrateurs) # SWEET-61E1FFE39
# Update on 13/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 01:21:47 | 14/05/2009
# Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : ESET Smart Security 3.0 3.0 [ Enabled | Updated ]
# FW : Pare-feu personnel d'ESET[ Enabled ]3.0.684.0
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (6,14 Go free) # NTFS
# D:\ # Disque fixe local # 34,46 Go (16,93 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 298,09 Go (11,97 Go free) [LACIE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\logonui.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon\\ "Taskman"
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ Listing des fichiers présent ]
[25/10/2008 17:20|--a------|0] - C:\AUTOEXEC.BAT
[29/12/2008 15:22|--a------|212] - C:\Boot.bak
[14/05/2009 00:43|-rahs----|282] - C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[25/10/2008 17:20|--a------|0] - C:\CONFIG.SYS
[10/01/2009 22:22|--a------|199] - C:\DARE.INI
[12/05/2009 10:04|--a------|33] - C:\DVDFab_Info.txt
[26/04/2009 17:03|--a------|15931] - C:\GF_Excpt.txt
[25/10/2008 17:20|-rahs----|0] - C:\IO.SYS
[25/03/2009 14:06|--a------|4194322] - C:\memory_map.tga
[16/02/2009 19:42|--a------|5615] - C:\mkv.txt
[16/02/2009 19:51|--a------|653] - C:\mpeg.txt
[25/10/2008 17:20|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] - C:\ntldr
[17/02/2009 17:48|--a------|23645] - C:\TurokGame.dmp
[14/05/2009 00:52|--a------|18847] - D:\ComboFix.txt
[?|?|?] - D:\pagefile.sys
[14/05/2009 01:22|--a------|3255] - D:\UsbFix.txt
[03/02/2008 02:00|--ah-----|6148] - F:\.DS_Store
[02/02/2008 20:38|--ah-----|4096] - F:\._.Trashes
[02/03/9999 04:37|--a------|401720] - F:\HiJackThis.exe
[07/09/2008 00:59|--a------|1542] - F:\hijackthis.log
[02/06/2002 16:23|--a------|267264] - F:\MuseDrop.exe
[16/02/2009 13:46|--a------|243] - F:\MuseDrop.ini
[07/09/2008 00:49|--a------|438] - F:\Raccourci vers HiJackThis.lnk
[09/08/2008 12:30|--a------|452608] - F:\ToolsCleaner2.exe
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.019 ! ]
So my question is: is my machine still infected? Judging by its behaviour I think so, but I would rather ask the experts' opinion.
Thanks in advance for your replies.
1 reply
Good evening,
Do another ComboFix for me, then this:
To start with: do a little clean-up of the computer and the registry with CCleaner; have a good look at the CCleaner tutorial
Next:
Download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Rename HijackThis to Tutu
Double-click HJTInstall.exe (tutu) to launch the program
By default it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the licence by clicking the "I Accept" button
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open in Notepad
Click "Edit -> Select All", then "Edit -> Copy" to copy the whole content of the report
Paste the report you have just copied on this forum
Do NOT fix ANY line yet; that could stop your PC from working properly
Tutorials (don't fix anything for now!!)
For those who have Vista, don't forget to disable User Account Control