Remove Security alert
Raphou12
Hello,
I had my computer scanned with ComboFix and here is the report; I want to know what to do, if possible. I know it's a year later, but I want to know if someone can help me. If you want, add my email and we'll talk on MSN: bigraph91@otmail.com
1 reply
Here is the report
ComboFix 09-07-02.02 - Raph 2009-07-03 14:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2720 [GMT 2:00]
Running from: c:\documents and settings\Raph\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\13266714
c:\documents and settings\All Users\Application Data\13266714\13266714
c:\documents and settings\All Users\Application Data\13266714\13266714.exe
c:\windows\Slideshow Screensaver.scr
.
((((((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))))))))
.
2009-07-03 11:46 . 2009-07-03 11:46 -------- d-----w- c:\program files\Enigma Software Group
2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\documents and settings\Raph\Local Settings\Application Data\Identities
2009-06-17 06:53 . 2009-06-17 06:53 -------- d-----w- c:\documents and settings\Raph\Application Data\Canon
2009-06-11 17:25 . 2009-06-11 17:25 -------- d-----w- c:\documents and settings\Raph\Application Data\Skip-Bo
2009-06-10 19:04 . 2009-06-10 19:04 -------- d-----w- c:\documents and settings\Raph\Application Data\Apple Computer
2009-06-10 19:04 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-10 19:04 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\program files\iPod
2009-06-10 19:03 . 2009-06-10 19:04 -------- d-----w- c:\program files\iTunes
2009-06-10 19:03 . 2009-06-10 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\program files\Bonjour
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\program files\QuickTime
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\documents and settings\Raph\Local Settings\Application Data\Apple
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\program files\Apple Software Update
2009-06-10 19:03 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-10 19:03 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-10 19:03 . 2009-06-10 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-10 19:02 . 2009-06-10 19:04 -------- d-----w- c:\documents and settings\Raph\Local Settings\Application Data\Apple Computer
2009-06-06 07:51 . 2009-06-06 07:51 -------- d-----w- c:\program files\THQ
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 12:19 . 2009-02-04 18:48 7 ----a-w- c:\windows\sbacknt.bin
2009-07-03 12:14 . 2009-02-27 13:54 -------- d-----w- c:\program files\Yahoo!
2009-07-03 08:56 . 2009-03-13 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-02 12:31 . 2009-02-03 11:00 -------- d-----w- c:\documents and settings\Raph\Application Data\Hamachi
2009-06-16 15:33 . 2009-05-20 17:58 -------- d-----w- c:\documents and settings\Raph\Application Data\U3
2009-06-06 07:51 . 2009-02-02 23:19 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-05 05:37 . 2009-05-31 13:24 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-05-18 23:36 . 2009-03-13 18:07 -------- d-----w- c:\program files\Google
2009-05-18 18:09 . 2009-02-17 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-16 15:11 . 2009-05-16 15:11 -------- d-----w- c:\program files\Image-Line
2009-05-07 15:33 . 2004-08-19 15:09 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-04-12 18:13 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 15:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-26 11:57 . 2009-04-26 11:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-26 11:57 . 2009-04-26 11:57 152576 ----a-w- c:\documents and settings\Raph\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 19:50 . 2006-03-09 08:25 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:31 . 2009-03-01 19:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-16 21:31 . 2009-03-01 19:46 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-15 14:53 . 2006-03-09 08:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 04:54 . 2001-08-24 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-15 04:54 . 2001-08-24 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-02-05 17:52 . 2009-02-05 17:52 1161544 ----a-w- c:\program files\wlsetup-custom.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-20 233472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-14 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Raph\Menu Démarrer\Programmes\Démarrage\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-4 370000]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-2-3 625952]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-27 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-27 789008]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 11:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Alerte Rouge 3\\Data\\ra3_1.6.game"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S2 gupdate1c9a408b7b60da8;Service Google Update (gupdate1c9a408b7b60da8);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 05:18]
2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 18:22]
2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 18:22]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-13266714 - c:\documents and settings\All Users\Application Data\13266714\13266714.exe
.
------- Supplementary Scan -------
.
uStart Page = www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Raph\Application Data\Mozilla\Firefox\Profiles\k2cowyab.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 14:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1085031214-261478967-682003330-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:97,e8,94,4d,74,65,da,b7,0f,d0,e6,ed,e9,0c,db,7d,00,04,1b,25,94,bb,c4,
36,22,83,df,fe,fb,d8,39,61,ef,5d,05,99,1c,bf,b9,6e,bc,16,c6,eb,18,8d,e1,0b,\
"??"=hex:16,93,90,70,b9,cc,bb,aa,1a,c2,d2,bf,12,76,1c,e3
[HKEY_USERS\S-1-5-21-1085031214-261478967-682003330-1003\SOFTWARE\SecuROM\License information*]
"datasecu"=hex:89,fc,3c,1e,ee,08,a6,dc,e9,88,52,c4,7b,68,4f,c3,bc,78,70,fa,03,
47,1c,3b,d7,30,90,4d,1b,e0,c2,be,6d,60,32,26,21,4d,ed,15,0a,5a,31,65,62,ba,\
"rkeysecu"=hex:03,5a,4f,b2,34,58,df,a5,b4,10,52,ba,66,67,4a,20
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-07-03 14:30
ComboFix-quarantined-files.txt 2009-07-03 12:30
Pre-Run: 211 575 881 728 bytes free
Post-Run: 212 149 260 288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
199 --- E O F --- 2009-07-02 06:20
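The report above carries three things a responder would pick out before anything else: the Security Center overrides (AntiVirusOverride, FirewallOverride, AntiVirusDisableNotify and UpdatesDisableNotify all set to 1, which silences the "no antivirus / no firewall / no updates" warnings), the Windows Firewall standard profile switched off (EnableFirewall = 0), and an HKLM Run value that pointed at an executable in a randomly named all-digit folder under All Users\Application Data (the 13266714.exe that ComboFix quarantined and listed as an orphan). The script below is an added example, not part of this thread and not a ComboFix feature: it parses the "Reg Loading Points" block of a ComboFix report and flags exactly those three conditions. The sample text inside it is a constructed excerpt copied from the report above; the category names and the "six or more digits" folder heuristic are my own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of the ComboFix report posted above (not a live file).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-14 577536]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKLM-Run-13266714 - c:\documents and settings\All Users\Application Data\13266714\13266714.exe
"""


@dataclass
class Finding:
    category: str   # security_center_override | firewall_disabled | suspicious_autorun
    detail: str


# Security Center values that, when set to 1, suppress the user-facing warnings.
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "FirewallOverride",
                         "AntiVirusDisableNotify", "UpdatesDisableNotify"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
PLAIN_INT_RE = re.compile(r"^(?P<int>\d+)\s*\(0x[0-9a-fA-F]+\)")
# "quoted target" [date size]  or  "short name" - resolved path [date size]
RUN_VALUE_RE = re.compile(r'^"(?P<quoted>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?\s*\[[^\]]*\]\s*$')
ORPHAN_RE = re.compile(r"^HK\w+-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
# Heuristic (my choice): an executable inside an all-digit folder under Application Data,
# e.g. ...\All Users\Application Data\13266714\13266714.exe
NUMERIC_DIR_RE = re.compile(r"\\application data\\\d{6,}\\[^\\]+\.(exe|dll|scr)$", re.I)


def parse_int(data: str) -> Optional[int]:
    """Decode the two integer spellings ComboFix uses: dword:000000NN and 'N (0xN)'."""
    m = DWORD_RE.match(data)
    if m:
        return int(m.group("hex"), 16)
    m = PLAIN_INT_RE.match(data)
    if m:
        return int(m.group("int"))
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the Reg Loading Points block line by line, tracking the current key."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = ORPHAN_RE.match(line)          # entries ComboFix already removed
        if m:
            if NUMERIC_DIR_RE.search(m.group("path")):
                findings.append(Finding("suspicious_autorun",
                                        f"orphaned Run value {m.group('name')} -> {m.group('path')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if current_key.endswith(r"\security center"):
            if name in SECURITY_CENTER_FLAGS and parse_int(data) == 1:
                findings.append(Finding("security_center_override", name))
        elif "firewallpolicy" in current_key and name.lower() == "enablefirewall":
            if parse_int(data) == 0:
                findings.append(Finding("firewall_disabled", current_key.rsplit("\\", 1)[-1]))
        elif current_key.endswith(r"\run") or current_key.endswith(r"\runonce"):
            rm = RUN_VALUE_RE.match(data)
            path = (rm.group("resolved") or rm.group("quoted")) if rm else data
            if NUMERIC_DIR_RE.search(path):
                findings.append(Finding("suspicious_autorun", f"{name} -> {path}"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

On the excerpt this reports four Security Center overrides, the disabled standard firewall profile and the orphaned 13266714 autorun, and leaves the ordinary Run entries (MsnMsgr, ctfmon.exe, NvCplDaemon, SoundMan) alone. DisablePagingExecutive is deliberately not flagged: ComboFix prints it under the Security Center heading, but it is a memory-management setting, not a notification override. The overrides themselves are worth checking by hand after cleanup, because ComboFix does not reset them.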