System Restore not possible
muffinz
Hello,
I'm on XP Pro. The title of my message is (I think) explicit enough. Also, I can't open Chrome, IE or Mozilla.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:02, on 03/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\v-cedlam\Local Settings\Temporary Internet Files\Content.IE5\YZSHIUPX\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.144.24.27:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar4.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar4.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\v-cedlam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ocwsiws] "c:\documents and settings\v-cedlam\local settings\application data\ocwsiws.exe" ocwsiws
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SU 3.14; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.2; WWTClient2)" -"https://www.miniclip.com/games/championship-rally/en/"
O4 - HKCU\..\Policies\Explorer\Run: [1] Wscript //B //NOLOGO \\europe.corp.microsoft.com\netlogon\corpsec\av\RunAVCheck.vbs
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/30.49/uploader2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.corp.microsoft.com
O17 - HKLM\Software\..\Telephony: DomainName = europe.corp.microsoft.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.corp.microsoft.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = europe.corp.microsoft.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = europe.corp.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
Hi,
I can no longer run combofix.exe. I downloaded the app onto a USB stick and am trying to install it on my PC. As soon as the computer starts, Comodo tells me it has detected several viruses, ApplicUnsaf.Win32.Hide and Application.Win32.Nircmd, located at the root in C:\32788R22FWJFW\n and C:\32788R22WJFW\hidec.exe, C:\32788R22WJFW\NirCmd.cfexe
I tried several things; with Comodo disabled, I get an error message: Windows cannot find 32788R22FWJW\n and hidec.exe. Make sure you typed the name correctly etc. etc., and another message: Windows cannot access the device (my USB stick), you may not have the necessary permissions.
With Comodo enabled, I tried quarantining them, deleting them and ignoring them, and in that case the alert messages keep coming back. No success either, the same failure messages.
:( :( :( :( this damn infection is endless!! What should I do? Thanks
Ignore my previous message: on the one hand I had misconfigured Comodo so that access to ComboFix wasn't allowed, and on the other hand I had misread your recommendations (I was trying to install ComboFix when I just needed to put it on the desktop). After reconfiguring, ComboFix ran; I kept the report but it may not be useful, tell me if you want me to send it to you.
Back to your recommendations: here is the scan report after dragging and dropping the CFScript.txt file onto Combofix.exe. One small detail: my PC rebooted without my doing anything. As soon as it came back up, a window opened: C:\ Find3M report being prepared..
See you, thanks
ComboFix 09-06-26.02 - v-cedlam 27/06/2009 12:30.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1033.18.1015.597 [GMT 2:00]
Lancé depuis: c:\documents and settings\v-cedlam\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\v-cedlam\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-06-27 ))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:25 . 2009-06-27 10:25 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 09:52 . 2009-06-27 10:00 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-06-27 09:51 . 2009-06-27 09:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-06-27 09:43 . 2009-06-27 09:44 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-12 09:30 . 2009-06-12 09:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 16:24 . 2009-06-27 10:15 428385 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-04 15:05 . 2009-06-04 15:05 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-06-04 15:03 . 2009-06-04 15:05 -------- d-----w- c:\program files\COMODO
2009-06-04 09:41 . 2009-06-04 09:41 -------- d-----w- c:\program files\Zone Labs
2009-06-04 09:39 . 2009-06-04 09:41 -------- d-----w- c:\windows\Internet Logs
2009-06-04 09:02 . 2009-06-04 11:24 -------- d-----w- c:\program files\Navilog1
2009-06-04 08:56 . 2009-06-04 09:29 -------- d-----w- C:\ToolBar SD
2009-06-03 11:46 . 2009-06-03 11:46 -------- d-----w- C:\Sauvegarde
2009-06-03 11:26 . 2009-06-03 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RH_Backups
2009-06-03 11:26 . 2009-06-03 11:26 -------- d-----w- c:\program files\RegHealer
2009-06-02 10:36 . 2009-06-02 11:34 -------- d-----w- c:\program files\RegCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:35 . 2009-06-27 10:35 0 ----a-w- C:\Ntf18.tmp
2009-06-27 10:35 . 2009-06-27 10:35 0 ----a-w- C:\Ntf17.tmp
2009-06-27 10:16 . 2009-06-27 10:16 67 ----a-w- C:\Ntf16.tmp
2009-06-27 10:16 . 2009-06-27 10:16 67 ----a-w- C:\Ntf15.tmp
2009-06-05 08:59 . 2008-09-06 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 08:43 . 2009-06-05 08:43 67 ----a-w- C:\Ntf14.tmp
2009-06-05 08:43 . 2009-06-05 08:43 67 ----a-w- C:\Ntf13.tmp
2009-06-04 19:21 . 2009-06-04 19:21 67 ----a-w- C:\Ntf12.tmp
2009-06-04 19:21 . 2009-06-04 19:21 67 ----a-w- C:\Ntf11.tmp
2009-06-04 18:56 . 2009-06-04 18:56 67 ----a-w- C:\NtfF.tmp
2009-06-04 18:56 . 2009-06-04 18:56 67 ----a-w- C:\Ntf10.tmp
2009-06-04 16:24 . 2009-06-04 16:24 67 ----a-w- C:\NtfE.tmp
2009-06-04 16:24 . 2009-06-04 16:24 67 ----a-w- C:\NtfD.tmp
2009-06-04 14:35 . 2009-06-04 14:35 67 ----a-w- C:\NtfC.tmp
2009-06-04 14:35 . 2009-06-04 14:35 67 ----a-w- C:\Ntf1.tmp
2009-06-04 14:25 . 2006-10-20 10:36 -------- d-----w- c:\program files\CA
2009-06-04 09:15 . 2009-06-04 09:15 67 ----a-w- C:\Ntf9.tmp
2009-06-04 09:15 . 2009-06-04 09:15 67 ----a-w- C:\Ntf8.tmp
2009-06-04 09:05 . 2009-06-04 09:05 67 ----a-w- C:\Ntf7.tmp
2009-06-04 09:05 . 2009-06-04 09:05 67 ----a-w- C:\Ntf6.tmp
2009-06-03 18:06 . 2009-06-03 18:06 67 ----a-w- C:\Ntf5.tmp
2009-06-03 18:06 . 2009-06-03 18:06 67 ----a-w- C:\Ntf4.tmp
2009-06-02 13:42 . 2009-06-02 13:42 67 ----a-w- C:\Ntf3.tmp
2009-06-02 13:42 . 2009-06-02 13:42 67 ----a-w- C:\Ntf2.tmp
2009-06-02 13:32 . 2009-06-02 13:32 67 ----a-w- C:\NtfB.tmp
2009-06-02 13:32 . 2009-06-02 13:32 67 ----a-w- C:\NtfA.tmp
2009-06-02 11:50 . 2008-03-07 14:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-02 11:47 . 2008-09-06 17:17 -------- d-----w- c:\program files\a-squared Free
2009-06-02 11:46 . 2009-05-07 15:52 -------- d-----w- c:\program files\MailNavigator(2)
2009-06-02 11:45 . 2008-04-04 08:57 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-02 11:45 . 2008-04-04 08:49 -------- d-----w- c:\program files\Windows Live
2009-06-02 11:43 . 2009-05-07 16:00 -------- d-----w- c:\program files\OE-Mail Recovery
2009-06-02 11:42 . 2009-05-19 15:36 -------- d-----w- c:\program files\Microsoft
2009-06-02 09:26 . 2008-02-14 13:01 -------- d-----w- c:\program files\Norton Security Scan
2009-05-23 18:24 . 2009-05-23 18:24 -------- d-----w- c:\program files\Panda Security
2009-05-19 15:42 . 2009-05-19 15:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-19 15:29 . 2009-05-19 15:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-18 13:55 . 2008-03-14 14:20 -------- d-----w- c:\program files\Java
2009-05-15 11:59 . 2006-10-20 10:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 11:59 . 2008-02-13 16:09 -------- d-----w- c:\program files\Google
2009-04-21 16:06 . 2009-04-21 16:06 0 ----a-w- c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_14.36.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 10:35 . 2009-06-27 10:35 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_718.dat
+ 2009-06-27 10:35 . 2009-06-27 10:35 16384 c:\windows\temp\Perflib_Perfdata_668.dat
+ 2009-06-27 10:25 . 2007-07-30 18:19 53080 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 10:25 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 10:25 . 2004-08-03 20:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 10:25 . 2007-10-10 23:56 824832 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 10:25 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 10:25 . 2006-04-20 11:51 359808 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 10:25 . 2007-04-16 15:52 984576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 10:25 . 2007-02-28 09:55 2182144 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 10:25 . 2007-02-28 09:15 2059392 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 10:25 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-19 68856]
"Google Update"="c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-10-17 243240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-06-04 278264]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-01-23 4608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1"="Wscript" [X]
c:\documents and settings\v-cedlam\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Firewall Client Management.lnk - c:\windows\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2006-10-20 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2580158\Scripts\Logon\0\0]
"Script"=script_wrapper.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2580158\Scripts\Logon\1\0]
"Script"=script_wrapper.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2692121\Scripts\Logon\0\0]
"Script"=script_wrapper.cmd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\v-cedlam\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Documents and Settings\\v-cedlam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\v-cedlam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [23/05/2009 20:26 28544]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [04/04/2008 11:00 43816]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [23/12/2004 02:00 124248]
R2 SRUserService;IT Connection Manager;c:\program files\IT Connection Manager\SRUserService.exe [26/05/2005 20:00 187152]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/01/2008 13:10 88192]
S2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 523816]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [20/10/2006 10:16 92550]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [19/12/2008 00:05 120168]
.
Contenu du dossier 'Tâches planifiées'
2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721254763-462695806-1538882281-2692121.job
- c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 18:50]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 195.144.24.27:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\v-cedlam\Application Data\Mozilla\Firefox\Profiles\0us0rm6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\v-cedlam\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 12:36
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,aa,a8,f7,a1,99,
1e,94,c9,c8,28,51,af,b0,29,a3,98,72,68,29,61,fb,c4,44,df,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,0b,83,35,bb,91,
dd,4c,30,71,3b,04,66,8b,46,0d,96,cc,56,11,b7,03,9d,c4,a1,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,7a,dd,99,85,6e,
bd,24,a9,25,da,ec,7e,55,20,c9,26,2f,68,96,42,56,04,4f,09,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,c5,21,5f,20,d4,
44,62,4a,3e,1e,9e,e0,57,5a,93,61,b0,64,01,32,d6,d6,f8,82,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,93,4c,4a,bb,19,
a3,cc,e7,cd,44,cd,b9,a6,33,6c,cd,23,e3,99,b5,08,12,ab,07,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f7,a6,62,71,3e,
f2,90,72,b0,18,ed,a7,3f,8d,37,a4,ef,68,56,5e,69,3f,c5,d6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,bf,72,a2,85,79,
75,e5,01,31,77,e1,ba,b1,f8,68,02,c9,c0,ce,02,5f,2c,f2,02,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,27,5b,fd,e3,77,
7c,66,d1,83,6c,56,8b,a0,85,96,ab,c6,ae,6a,2f,e5,3e,04,0b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,e0,ec,ba,02,40,
c0,99,25,51,fa,6e,91,28,9e,14,cc,0f,c3,af,44,bd,80,99,44,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,81,a0,dd,1f,d1,
66,5a,f7,b1,cd,45,5a,a8,c4,f8,b9,3e,b0,2f,e2,bf,ae,94,52,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,8c,73,82,03,7f,
35,c5,92,e3,0e,66,d5,eb,bc,2f,6b,45,e9,7a,90,fa,2b,3d,e5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f0,e6,58,4b,a2,
e1,68,3d,fa,ea,66,7f,d4,3b,6b,70,71,63,e6,b9,71,04,60,ac,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2700)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ccm\CcmExec.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-06-27 12:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-27 10:41
ComboFix2.txt 2009-06-27 10:27
ComboFix3.txt 2009-06-04 14:41
Avant-CF: 14 697 340 928 bytes free
Après-CF: 14 672 732 160 octets libres
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
317 --- E O F --- 2008-01-04 11:04
Back to your recommendations: here is the scan report after dragging and dropping the CFScript.txt file onto Combofix.exe. One small detail: my PC rebooted without my doing anything. As soon as it started up, a window opened: C:\ Find3M report being prepared..
See you, thanks
ComboFix 09-06-26.02 - v-cedlam 27/06/2009 12:30.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1033.18.1015.597 [GMT 2:00]
Lancé depuis: c:\documents and settings\v-cedlam\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\v-cedlam\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-06-27 ))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:25 . 2009-06-27 10:25 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 09:52 . 2009-06-27 10:00 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-06-27 09:51 . 2009-06-27 09:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-06-27 09:43 . 2009-06-27 09:44 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-12 09:30 . 2009-06-12 09:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 16:24 . 2009-06-27 10:15 428385 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-04 15:05 . 2009-06-04 15:05 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-06-04 15:03 . 2009-06-04 15:05 -------- d-----w- c:\program files\COMODO
2009-06-04 09:41 . 2009-06-04 09:41 -------- d-----w- c:\program files\Zone Labs
2009-06-04 09:39 . 2009-06-04 09:41 -------- d-----w- c:\windows\Internet Logs
2009-06-04 09:02 . 2009-06-04 11:24 -------- d-----w- c:\program files\Navilog1
2009-06-04 08:56 . 2009-06-04 09:29 -------- d-----w- C:\ToolBar SD
2009-06-03 11:46 . 2009-06-03 11:46 -------- d-----w- C:\Sauvegarde
2009-06-03 11:26 . 2009-06-03 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RH_Backups
2009-06-03 11:26 . 2009-06-03 11:26 -------- d-----w- c:\program files\RegHealer
2009-06-02 10:36 . 2009-06-02 11:34 -------- d-----w- c:\program files\RegCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:35 . 2009-06-27 10:35 0 ----a-w- C:\Ntf18.tmp
2009-06-27 10:35 . 2009-06-27 10:35 0 ----a-w- C:\Ntf17.tmp
2009-06-27 10:16 . 2009-06-27 10:16 67 ----a-w- C:\Ntf16.tmp
2009-06-27 10:16 . 2009-06-27 10:16 67 ----a-w- C:\Ntf15.tmp
2009-06-05 08:59 . 2008-09-06 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 08:43 . 2009-06-05 08:43 67 ----a-w- C:\Ntf14.tmp
2009-06-05 08:43 . 2009-06-05 08:43 67 ----a-w- C:\Ntf13.tmp
2009-06-04 19:21 . 2009-06-04 19:21 67 ----a-w- C:\Ntf12.tmp
2009-06-04 19:21 . 2009-06-04 19:21 67 ----a-w- C:\Ntf11.tmp
2009-06-04 18:56 . 2009-06-04 18:56 67 ----a-w- C:\NtfF.tmp
2009-06-04 18:56 . 2009-06-04 18:56 67 ----a-w- C:\Ntf10.tmp
2009-06-04 16:24 . 2009-06-04 16:24 67 ----a-w- C:\NtfE.tmp
2009-06-04 16:24 . 2009-06-04 16:24 67 ----a-w- C:\NtfD.tmp
2009-06-04 14:35 . 2009-06-04 14:35 67 ----a-w- C:\NtfC.tmp
2009-06-04 14:35 . 2009-06-04 14:35 67 ----a-w- C:\Ntf1.tmp
2009-06-04 14:25 . 2006-10-20 10:36 -------- d-----w- c:\program files\CA
2009-06-04 09:15 . 2009-06-04 09:15 67 ----a-w- C:\Ntf9.tmp
2009-06-04 09:15 . 2009-06-04 09:15 67 ----a-w- C:\Ntf8.tmp
2009-06-04 09:05 . 2009-06-04 09:05 67 ----a-w- C:\Ntf7.tmp
2009-06-04 09:05 . 2009-06-04 09:05 67 ----a-w- C:\Ntf6.tmp
2009-06-03 18:06 . 2009-06-03 18:06 67 ----a-w- C:\Ntf5.tmp
2009-06-03 18:06 . 2009-06-03 18:06 67 ----a-w- C:\Ntf4.tmp
2009-06-02 13:42 . 2009-06-02 13:42 67 ----a-w- C:\Ntf3.tmp
2009-06-02 13:42 . 2009-06-02 13:42 67 ----a-w- C:\Ntf2.tmp
2009-06-02 13:32 . 2009-06-02 13:32 67 ----a-w- C:\NtfB.tmp
2009-06-02 13:32 . 2009-06-02 13:32 67 ----a-w- C:\NtfA.tmp
2009-06-02 11:50 . 2008-03-07 14:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-02 11:47 . 2008-09-06 17:17 -------- d-----w- c:\program files\a-squared Free
2009-06-02 11:46 . 2009-05-07 15:52 -------- d-----w- c:\program files\MailNavigator(2)
2009-06-02 11:45 . 2008-04-04 08:57 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-02 11:45 . 2008-04-04 08:49 -------- d-----w- c:\program files\Windows Live
2009-06-02 11:43 . 2009-05-07 16:00 -------- d-----w- c:\program files\OE-Mail Recovery
2009-06-02 11:42 . 2009-05-19 15:36 -------- d-----w- c:\program files\Microsoft
2009-06-02 09:26 . 2008-02-14 13:01 -------- d-----w- c:\program files\Norton Security Scan
2009-05-23 18:24 . 2009-05-23 18:24 -------- d-----w- c:\program files\Panda Security
2009-05-19 15:42 . 2009-05-19 15:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-19 15:29 . 2009-05-19 15:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-18 13:55 . 2008-03-14 14:20 -------- d-----w- c:\program files\Java
2009-05-15 11:59 . 2006-10-20 10:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 11:59 . 2008-02-13 16:09 -------- d-----w- c:\program files\Google
2009-04-21 16:06 . 2009-04-21 16:06 0 ----a-w- c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_14.36.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 10:35 . 2009-06-27 10:35 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_718.dat
+ 2009-06-27 10:35 . 2009-06-27 10:35 16384 c:\windows\temp\Perflib_Perfdata_668.dat
+ 2009-06-27 10:25 . 2007-07-30 18:19 53080 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 10:25 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 10:25 . 2004-08-03 20:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 10:25 . 2007-10-10 23:56 824832 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 10:25 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 10:25 . 2006-04-20 11:51 359808 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 10:25 . 2004-08-04 12:00 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 10:25 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 10:25 . 2007-04-16 15:52 984576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 10:25 . 2004-08-04 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 10:25 . 2007-02-28 09:55 2182144 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 10:25 . 2007-02-28 09:15 2059392 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 10:25 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ÈlÈments vides & les ÈlÈments initiaux lÈgitimes ne sont pas listÈs
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-19 68856]
"Google Update"="c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-10-17 243240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-06-04 278264]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-01-23 4608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1"="Wscript" [X]
c:\documents and settings\v-cedlam\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'Çcran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Firewall Client Management.lnk - c:\windows\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2006-10-20 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2580158\Scripts\Logon\0\0]
"Script"=script_wrapper.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2580158\Scripts\Logon\1\0]
"Script"=script_wrapper.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1721254763-462695806-1538882281-2692121\Scripts\Logon\0\0]
"Script"=script_wrapper.cmd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\v-cedlam\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Documents and Settings\\v-cedlam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\v-cedlam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [23/05/2009 20:26 28544]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [04/04/2008 11:00 43816]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [23/12/2004 02:00 124248]
R2 SRUserService;IT Connection Manager;c:\program files\IT Connection Manager\SRUserService.exe [26/05/2005 20:00 187152]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/01/2008 13:10 88192]
S2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 523816]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [20/10/2006 10:16 92550]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [19/12/2008 00:05 120168]
.
Contenu du dossier 'T‚ches planifiÈes'
2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721254763-462695806-1538882281-2692121.job
- c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 18:50]
.
.
------- Examen supplÈmentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 195.144.24.27:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\v-cedlam\Application Data\Mozilla\Firefox\Profiles\0us0rm6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\v-cedlam\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\v-cedlam\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 12:36
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,aa,a8,f7,a1,99,
1e,94,c9,c8,28,51,af,b0,29,a3,98,72,68,29,61,fb,c4,44,df,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,0b,83,35,bb,91,
dd,4c,30,71,3b,04,66,8b,46,0d,96,cc,56,11,b7,03,9d,c4,a1,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,7a,dd,99,85,6e,
bd,24,a9,25,da,ec,7e,55,20,c9,26,2f,68,96,42,56,04,4f,09,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,c5,21,5f,20,d4,
44,62,4a,3e,1e,9e,e0,57,5a,93,61,b0,64,01,32,d6,d6,f8,82,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,93,4c,4a,bb,19,
a3,cc,e7,cd,44,cd,b9,a6,33,6c,cd,23,e3,99,b5,08,12,ab,07,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f7,a6,62,71,3e,
f2,90,72,b0,18,ed,a7,3f,8d,37,a4,ef,68,56,5e,69,3f,c5,d6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,bf,72,a2,85,79,
75,e5,01,31,77,e1,ba,b1,f8,68,02,c9,c0,ce,02,5f,2c,f2,02,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,27,5b,fd,e3,77,
7c,66,d1,83,6c,56,8b,a0,85,96,ab,c6,ae,6a,2f,e5,3e,04,0b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,e0,ec,ba,02,40,
c0,99,25,51,fa,6e,91,28,9e,14,cc,0f,c3,af,44,bd,80,99,44,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,81,a0,dd,1f,d1,
66,5a,f7,b1,cd,45,5a,a8,c4,f8,b9,3e,b0,2f,e2,bf,ae,94,52,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,8c,73,82,03,7f,
35,c5,92,e3,0e,66,d5,eb,bc,2f,6b,45,e9,7a,90,fa,2b,3d,e5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f0,e6,58,4b,a2,
e1,68,3d,fa,ea,66,7f,d4,3b,6b,70,71,63,e6,b9,71,04,60,ac,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2700)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ccm\CcmExec.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-06-27 12:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-27 10:41
ComboFix2.txt 2009-06-27 10:27
ComboFix3.txt 2009-06-04 14:41
Avant-CF: 14 697 340 928 bytes free
Après-CF: 14 672 732 160 octets libres
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
317 --- E O F --- 2008-01-04 11:04
Ok :)
I'm going to ask you for a new Gmer report, to check that ComboFix really removed everything:
• Disable your protection software
• Launch Gmer
• In the "Rootkit" tab, click "SCAN" and wait...
• When it finishes, click "SAVE" and save the report to your Desktop.
• Follow this tutorial to host the report elsewhere and post the link you are given in your next reply, please.
here is the report
http://ww38.toofiles.com/fr/oip/documents/txt/gmerscan.html
See you, it's cool that you're replying so quickly
Didn't you see my last message?