Cannot access antivirus sites or update anti

Scratch78 -  
sapnakaj Posts 314 Status Member -
Hello,

I noticed that Avast was no longer updating (expired key, but impossible to get to the Avast site). In addition, I can't connect to antivirus sites in general: Avast, secuser...

E.g.: Firefox can't find the server at www.avast.com.

I'm on XP, and I use Zone Alarm, Avast and Mozilla Firefox.

I ran Malwarebytes in safe mode and in normal mode; it removed 8 infections, but the problem remains.

I also tried CCleaner, SDFix in safe mode, ComboFix and FindyKill, since I had read here and there that they were useful, but nothing...

Can someone help me? I'm starting to despair...

Here is a HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:33, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ludovic Sturer\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

9 replies

Anonymous user
 
Hi,

I also tried ....... combofix

Do you have its report?
1
sapnakaj Posts 314 Status Member 42
 
AVAST AVAST AVAST....
Always choose Antivir.
Try it and uninstall Avast.
0
Scratch78
 
Here is the ComboFix report.

Otherwise, as for Antivir, I'm willing to try it if I'm sure it can work, but as I said, I can't connect to any antivirus site ;-)

If I manage to, what's the procedure: first uninstall Avast, then launch Antivir?

AV: avast! antivirus 4.7.1098 [VPS 080322-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\null.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-04 au 2009-07-04 ))))))))))))))))))))))))))))))))))))
.

2009-07-04 14:16 . 2009-07-04 14:16 -------- d-----w- c:\windows\ERUNT
2009-07-04 14:10 . 2009-07-04 14:35 -------- d-----w- C:\SDFix
2009-07-04 13:53 . 2009-07-04 13:53 -------- d-----w- c:\program files\CCleaner
2009-07-04 11:06 . 2009-07-04 11:39 -------- d-----w- C:\FindyKill
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\Ludovic Sturer\Application Data\Malwarebytes
2009-07-04 06:14 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 06:14 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 14:34 . 2005-08-31 13:41 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-07-04 14:14 . 2009-07-04 14:31 7303680 ----a-w- c:\windows\Internet Logs\xDB43.tmp
2009-07-04 14:14 . 2009-07-04 14:31 275456 ----a-w- c:\windows\Internet Logs\xDB42.tmp
2009-07-04 11:38 . 1979-12-31 22:00 77254 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-04 11:38 . 1979-12-31 22:00 472796 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-03 20:46 . 2009-07-04 05:05 65536 ----a-w- c:\windows\Internet Logs\xDB40.tmp
2009-07-03 20:46 . 2009-07-04 05:05 7263232 ----a-w- c:\windows\Internet Logs\xDB41.tmp
2009-07-03 19:20 . 2009-07-03 19:47 151040 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
2009-07-03 19:20 . 2009-07-03 19:47 7259648 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
2009-07-02 18:57 . 2009-07-03 16:06 135680 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2009-07-02 18:57 . 2009-07-03 16:06 7259648 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
2009-07-02 07:55 . 2009-07-02 16:40 39424 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
2009-07-02 07:55 . 2009-07-02 16:40 7259648 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
2009-07-01 19:19 . 2009-07-02 06:44 145408 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-07-01 19:19 . 2009-07-02 06:44 7259648 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-07-01 07:46 . 2009-07-01 16:46 46080 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-07-01 05:26 . 2009-07-01 07:02 68096 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-07-01 05:26 . 2009-07-01 07:03 7259136 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-30 06:37 . 2009-06-30 16:40 7258624 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-30 06:37 . 2009-06-30 16:40 37376 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-30 05:31 . 2009-06-30 06:03 28672 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-30 05:31 . 2009-06-30 06:03 7258624 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-29 17:26 . 2009-06-30 05:22 60928 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-29 10:09 . 2009-06-29 16:39 34304 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-29 10:09 . 2009-06-29 16:39 7258112 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-29 06:47 . 2009-06-29 07:11 113664 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-28 08:10 . 2009-06-28 09:21 118784 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-28 08:10 . 2009-06-28 09:21 7256064 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-27 19:33 . 2009-06-28 06:04 7256064 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-27 19:33 . 2009-06-28 06:04 605696 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-27 05:49 . 2009-06-27 06:43 31744 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-26 20:41 . 2009-06-27 05:25 241152 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-25 21:30 . 2009-06-26 05:35 31744 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-06-25 21:29 . 2009-06-26 05:35 7254528 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-06-25 20:18 . 2009-06-25 21:13 7254528 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-06-25 20:18 . 2009-06-25 21:13 155136 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-06-25 05:26 . 2009-06-25 17:21 30208 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-06-25 05:26 . 2009-06-25 17:21 7254528 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-06-24 20:00 . 2009-06-25 05:05 142336 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-06-24 05:08 . 2009-06-24 17:30 30208 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-06-24 05:08 . 2009-06-24 17:30 7254016 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-06-23 20:28 . 2009-06-24 04:42 62464 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-06-23 19:18 . 2009-06-23 19:43 139264 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-06-23 19:18 . 2009-06-23 19:44 7253504 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-06-23 07:14 . 2009-06-23 17:32 7253504 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-06-23 07:14 . 2009-06-23 17:32 42496 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-06-22 19:06 . 2009-06-23 06:36 7252992 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-06-22 19:06 . 2009-06-23 06:36 211968 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-06-22 10:47 . 2009-06-22 10:49 132096 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-06-22 10:47 . 2009-06-22 10:49 7251968 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-06-21 20:05 . 2009-06-22 05:48 166400 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-06-21 20:05 . 2009-06-22 05:48 7251968 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-06-20 11:17 . 2009-06-20 21:50 235520 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-06-20 06:35 . 2009-06-20 07:12 7249408 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-06-20 06:35 . 2009-06-20 07:12 41984 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-06-20 05:06 . 2009-06-20 05:08 49152 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-06-19 20:39 . 2009-06-20 04:24 7241216 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-06-19 20:39 . 2009-06-20 04:23 241152 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-19 17:21 . 2005-09-01 20:32 -------- d-----w- c:\documents and settings\Ludovic Sturer\Application Data\AdobeUM
2009-06-18 20:23 . 2009-06-19 17:12 313344 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-06-18 20:23 . 2009-06-19 17:12 7241216 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-06-18 06:10 . 2009-06-18 06:21 34816 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-06-18 06:10 . 2009-06-18 06:21 7240192 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-06-17 20:18 . 2009-06-18 05:27 7246848 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-06-17 20:18 . 2009-06-18 05:27 288256 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-06-17 06:10 . 2009-06-17 15:53 40448 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-06-17 06:10 . 2009-06-17 15:53 7240192 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-06-16 21:11 . 2009-06-17 05:34 7240192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-06-16 21:11 . 2009-06-17 05:34 138240 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-16 18:51 . 2009-06-16 18:53 7243264 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-16 18:51 . 2009-06-16 18:52 169984 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-15 20:05 . 2009-06-16 05:45 207360 ----a-w- c:\windows\Internet Logs\xDB79.tmp
2009-06-15 20:05 . 2009-06-16 05:45 7242240 ----a-w- c:\windows\Internet Logs\xDB7A.tmp
2009-06-15 16:24 . 2009-06-15 16:41 7239680 ----a-w- c:\windows\Internet Logs\xDB78.tmp
2009-06-15 16:24 . 2009-06-15 16:41 58880 ----a-w- c:\windows\Internet Logs\xDB77.tmp
2009-06-14 18:52 . 2009-06-15 16:02 161280 ----a-w- c:\windows\Internet Logs\xDB75.tmp
2009-06-14 18:52 . 2009-06-15 16:02 7239680 ----a-w- c:\windows\Internet Logs\xDB76.tmp
2009-06-14 10:15 . 2009-06-14 15:48 7238144 ----a-w- c:\windows\Internet Logs\xDB74.tmp
2009-06-14 10:15 . 2009-06-14 15:48 92672 ----a-w- c:\windows\Internet Logs\xDB73.tmp
2009-06-13 09:15 . 2009-06-13 16:27 7238656 ----a-w- c:\windows\Internet Logs\xDB72.tmp
2009-06-13 09:15 . 2009-06-13 16:27 56320 ----a-w- c:\windows\Internet Logs\xDB71.tmp
2009-06-13 05:24 . 2009-06-13 08:35 7250944 ----a-w- c:\windows\Internet Logs\xDB70.tmp
2009-06-13 05:24 . 2009-06-13 08:35 243200 ----a-w- c:\windows\Internet Logs\xDB6F.tmp
2009-05-24 15:23 . 2005-03-21 08:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 17:50 . 2005-09-01 20:27 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-05-08 14:22 . 2007-04-22 05:07 -------- d-----w- c:\program files\MemoriesOnTV3
2009-05-08 05:29 . 2007-02-13 11:44 -------- d-----w- c:\program files\Google
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2006-07-05 10:56 . 1979-12-31 22:00 164746 --sha-r- c:\windows\system32\dvsxjs.dll
2006-05-03 09:06 . 2009-04-19 17:41 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-04-19 17:41 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-04-19 17:41 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-04_10.18.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-04 15:06 . 2009-07-04 15:06 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 1979-12-31 22:00 . 2009-07-04 11:38 63996 c:\windows\system32\perfc009.dat
- 1979-12-31 22:00 . 2009-04-10 18:39 63996 c:\windows\system32\perfc009.dat
+ 1979-12-31 22:00 . 2009-07-04 11:38 405446 c:\windows\system32\perfh009.dat
- 1979-12-31 22:00 . 2009-04-10 18:39 405446 c:\windows\system32\perfh009.dat
+ 2009-07-04 14:16 . 2009-07-04 14:16 159744 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-07-04 14:16 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-07-04 14:16 . 2009-07-04 14:16 159744 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-07-04 14:16 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-07-04 14:16 . 2009-07-04 14:16 7401472 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-07-04 14:16 . 2009-07-04 14:16 7401472 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2005-07-25 188459]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 755480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MPS"=c:\acer\PSM.EXE
"AGRSMMSG"=AGRSMMSG.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4974:TCP"= 4974:TCP:tnygldlj

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= c:\program files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= c:\program files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= c:\program files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"c:\\Program Files\\Messenger\\msmsgs.exe"= c:\program files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= c:\windows\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= c:\program files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4974:TCP"= 4974:TCP:*:Enabled:tnygldlj

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [01/01/1980 76544]
S2 yjzgkc;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [01/01/1980 14336]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - TFMIWQ
*Deregistered* - tfmiwq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
yjzgkc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contenu du dossier 'Tâches planifiées'

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-08 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 07:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.free.fr/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\documents and settings\Ludovic Sturer\Application Data\Mozilla\Firefox\Profiles\a6rd7gg1.default\
FF - prefs.js: browser.startup.homepage - www.free.fr
FF - component: c:\documents and settings\Ludovic Sturer\Application Data\Mozilla\Firefox\Profiles\a6rd7gg1.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 17:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3450603700-3914315320-1958823886-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
"GlobalState"=hex:1a,c1,2b,62,40,77,53,22,a5,21,86,c7,48,7a,95,e4,2d,77,82,b2
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:61,a2,c2,2b,79,bf,a0,6c,56,26,25,
a3,80,47,01,69,de,c8,13,df,30,19,64,ae,4c,62,c6,01

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\FXSAPI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\INCRED~1\bin\IMApp.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Heure de fin: 2009-07-04 17:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-04 15:13
ComboFix2.txt 2009-07-04 10:25

Avant-CF: 59 712 929 792 octets libres
Après-CF: 59 684 184 064 octets libres

Anonymous user
 
Copy the text below:

File::
c:\windows\Internet Logs\*.tmp

Driver::
yjzgkc

NetSvc::
tfmiwq
yjzgkc
Alerter
LmHosts


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.
Scratch78
 
I did what you told me to do, but Combofix hangs at the point where it displays something like:

"Analyse en cours.
Cela peut prendre environ 10 minutes mais beaucoup plus si l'ordinateur est sérieusement infecté..."

I tried closing all the applications: ZA, IncrediMail, Avast...

I had to shut down and then restart using the button on the tower...
Anonymous user
 
Try again, and be patient this time.

Scratch78
 
I was patient, I promise (about 30 minutes), but nothing happens...
Scratch78
 
Hooray, it works again.

I'm not really one for miracle solutions, but I have to face the facts.

I have just uninstalled Avast and replaced it with Antivir, and now there is no more problem: everything works as before, and all web pages are accessible....

And yet I tested plenty of programs: Malwarebytes, CCleaner, ComboFix, FindyKill, SDFix...

Moral: don't always trust your antivirus, even when you have the impression that you don't have a virus.

Thanks for your help, chiquitine29....
sapnakaj Posts: 314 Status: Member 42
 
And thank you, sapnakaj, for telling me to replace AVAST with ANTIVIR, because indeed, sapnakaj, your advice often bodes well :)