Rundll32 has stopped working
Solved
kali443
Hello,
I'm posting here because I think I'm the victim of a virus.
Let me explain my problem: for the past 2 hours my PC has been showing me a "Rundll32 has stopped working" alert at startup. Then, progressively, more and more windows of this type appear. Whether I touch my computer or not, it then tells me that Windows Explorer has stopped working. I'm on Vista 32-bit.
I searched Google but nothing similar fits.
Do you know where this could be coming from?
Awaiting your reply,
Kali443
17 replies
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
I'll do that as soon as possible; for now, since I feel this is heading straight for a full system restore, I'm backing up the contents of my HDD with a GHOST image.
ComboFix 09-11-13.06 - Kali 14/11/2009 16:33.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3068.2559 [GMT 1:00]
Lancé depuis: c:\users\Kali\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2433963360-3726585353-293366561-1001
c:\$recycle.bin\S-1-5-21-2883191093-3194480448-2608776333-500
c:\$recycle.bin\S-1-5-21-4117646254-3045606542-2690056552-1001
C:\install.exe
c:\users\Kali\AppData\Roaming\.#
c:\users\Kali\AppData\Roaming\addon.dat
c:\users\Kali\AppData\Roaming\Desktopicon
c:\users\Kali\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\system32\Msdirectx.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-14 au 2009-11-14 ))))))))))))))))))))))))))))))))))))
.
2009-11-14 15:40 . 2009-11-14 15:41 -------- d-----w- c:\users\Kali\AppData\Local\temp
2009-11-14 15:40 . 2009-11-14 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-12 21:37 . 2009-11-12 21:38 4096 d-----w- C:\Rustbfix
2009-11-12 21:33 . 2009-11-12 21:35 8192 d-----w- C:\ToolBar SD
2009-11-11 18:34 . 2009-11-11 18:34 4096 d-----w- c:\program files\Xvid
2009-11-11 18:34 . 2009-11-11 18:34 4096 d-----w- c:\program files\Real Alternative
2009-11-10 22:19 . 2009-11-10 22:19 4096 d-----w- c:\program files\NewsBinGN
2009-11-06 16:38 . 2009-11-10 22:27 4096 d-----w- c:\users\Kali\AppData\Local\NewsBin
2009-10-29 11:47 . 2009-10-29 11:47 -------- d-----w- c:\program files\Alex Feinman
2009-10-29 11:38 . 2009-10-29 11:38 -------- d-----w- c:\users\Kali\lmms
2009-10-29 11:31 . 2009-10-29 11:31 -------- d-----w- c:\users\Kali\AppData\Roaming\Xilisoft Corporation
2009-10-26 15:11 . 2009-10-26 15:11 231 ----a-w- C:\ffmpeg_debug.bat
2009-10-26 15:11 . 2009-10-26 15:11 224 ----a-w- C:\ffmpeg.bat
2009-10-25 22:32 . 2009-10-26 15:00 -------- d-----w- c:\users\Kali\AppData\Roaming\VMware
2009-10-25 22:26 . 2009-10-26 15:07 4096 d-----w- c:\programdata\VMware
2009-10-20 04:58 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 04:58 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 04:58 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 04:58 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 04:58 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-20 04:58 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-20 04:58 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 04:58 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 04:58 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-19 21:24 . 2009-10-19 21:24 -------- d-----w- c:\users\Kali\AppData\Local\AirMouse
2009-10-17 10:16 . 2004-12-30 21:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-10-17 10:16 . 2009-10-17 10:16 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-10-17 10:00 . 2009-10-17 10:00 -------- d-----w- c:\program files\gPotato.eu
2009-10-17 09:47 . 2009-10-17 09:51 4096 d-----w- c:\program files\ARAR
2009-10-17 09:29 . 2009-10-17 09:41 4096 d-----w- c:\program files\Rar Repair Tool
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 07:33 . 2009-03-31 22:00 48544 ----a-w- c:\programdata\nvModes.dat
2009-11-12 20:26 . 2009-07-30 11:50 4096 d-----w- c:\program files\Ripp-it_AM
2009-11-12 20:26 . 2009-04-02 15:58 8192 d-----w- c:\program files\AC3Filter
2009-11-12 18:03 . 2008-08-04 22:32 16384 d-----w- c:\programdata\Microsoft Help
2009-11-11 17:32 . 2009-07-30 14:46 4096 d-----w- c:\programdata\DVD Shrink
2009-11-11 17:18 . 2009-04-01 11:58 4096 d-----w- c:\users\Kali\AppData\Roaming\NewsBin
2009-11-10 22:29 . 2009-08-10 21:34 4096 d-----w- c:\users\Kali\AppData\Roaming\Mp3tag
2009-11-10 22:29 . 2009-04-01 11:58 -------- d-----w- c:\program files\NewsBin
2009-11-09 22:06 . 2009-04-04 13:34 8192 d-----w- c:\users\Kali\AppData\Roaming\LimeWire
2009-11-05 22:25 . 2009-07-29 18:11 -------- d-----r- c:\program files\Skype
2009-11-02 22:09 . 2009-04-20 18:58 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-02 19:42 . 2009-10-03 07:11 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-10-29 17:57 . 2009-06-28 21:34 8192 d-----w- c:\program files\a-squared Free
2009-10-29 10:51 . 2008-08-04 21:27 20480 d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 17:56 . 2009-04-04 09:19 8192 d-----w- c:\program files\adslTV
2009-10-28 12:36 . 2009-06-09 18:03 -------- d-----w- c:\users\Kali\AppData\Roaming\gtk-2.0
2009-10-25 23:14 . 2008-08-05 07:00 654486 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-25 23:14 . 2008-08-05 07:00 118474 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-18 19:21 . 2009-05-21 11:21 1 ----a-w- c:\users\Kali\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-11 19:15 . 2009-10-11 19:12 -------- d-----w- c:\users\Kali\AppData\Roaming\DiskAid
2009-10-07 14:15 . 2009-10-05 20:48 -------- d-----w- c:\users\Kali\AppData\Roaming\dvdcss
2009-10-04 22:02 . 2009-05-16 16:10 12288 d-----w- c:\program files\iTunes
2009-10-04 22:00 . 2009-10-04 22:00 -------- d-----w- c:\program files\iPod
2009-10-04 21:58 . 2009-08-11 17:09 4096 d-----w- c:\program files\QuickTime
2009-10-04 21:50 . 2009-10-04 21:50 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-04 21:34 . 2009-04-03 18:12 -------- d-----w- c:\programdata\Apple Computer
2009-10-04 21:33 . 2009-10-04 21:33 4096 d-----w- c:\program files\Apple Software Update
2009-10-04 21:30 . 2009-05-16 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-10-03 21:38 . 2009-10-03 21:38 -------- d-----w- c:\program files\Microsoft
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 16:04 . 2009-09-02 10:31 4096 d-----w- c:\program files\Common Files\Logishrd
2009-10-03 16:04 . 2009-09-02 10:30 -------- d-----w- c:\programdata\LogiShrd
2009-10-03 16:04 . 2009-10-03 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-30 18:39 . 2009-04-10 17:32 4096 d-----w- c:\program files\Windows Live Safety Center
2009-09-28 15:48 . 2009-09-28 15:48 4096 d-----w- c:\program files\VistaCodecPack
2009-09-21 17:16 . 2009-09-21 17:16 4096 d-----w- c:\program files\WinSCP
2009-09-21 12:41 . 2009-09-21 12:41 -------- d-----w- c:\programdata\E91
2009-09-20 20:46 . 2009-09-20 20:46 -------- d-----w- c:\users\Kali\AppData\Roaming\FLV Extract
2009-09-18 21:33 . 2009-09-18 21:33 113280 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1036\ResourceCache.dll
2009-09-18 21:32 . 2009-09-18 21:32 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2009-09-18 21:31 . 2009-09-18 21:30 4096 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-18 21:31 . 2009-09-18 21:30 4096 d-----w- c:\program files\Common Files\Merge Modules
2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-17 15:54 . 2009-09-17 15:54 4096 d-----w- c:\program files\Movies2iPhone
2009-09-16 21:45 . 2009-09-16 21:45 107640 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 21:28 . 2009-09-16 21:28 4096 d-----w- c:\program files\LibUSB-Win32-0.1.10.0
2009-09-16 20:37 . 2009-05-16 16:11 4096 d-----w- c:\users\Kali\AppData\Roaming\Apple Computer
2009-09-16 20:24 . 2009-09-16 18:33 4096 d-----w- c:\program files\QuickFreedom
2009-09-16 19:56 . 2009-09-16 19:36 -------- d-----w- c:\program files\iPod(51)
2009-09-16 19:36 . 2009-09-16 19:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 19:35 . 2009-09-16 19:35 4096 d-----w- c:\program files\LibUSB-Win32
2009-09-16 19:34 . 2009-09-16 19:33 4096 d-----w- c:\program files\QuickTime(125)
2009-09-16 17:23 . 2009-04-03 18:12 -------- d-----w- c:\programdata\Apple
2009-09-14 09:29 . 2009-10-16 05:11 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_69525f90.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_5af141bb.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_26e91eb.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_16496df1.exe
2009-09-10 16:48 . 2009-10-16 05:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:48 . 2009-10-20 15:28 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 09:48 . 2009-10-20 15:28 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 09:48 . 2009-10-20 15:28 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-07 18:55 . 2009-04-05 13:50 7808 ----a-w- c:\users\Kali\AppData\Local\d3d9caps.dat
2009-09-04 11:41 . 2009-10-16 05:11 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 10:33 . 2009-09-02 10:33 53248 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-16 05:11 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 05:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 05:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 05:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 19:59 . 2009-08-24 19:59 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-23 21:00 . 2009-03-31 22:20 80600 ----a-w- c:\users\Kali\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-23 20:54 . 2009-08-23 20:42 36864 ----a-w- c:\programdata\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-08-21 20:14 . 2009-08-21 20:14 413696 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\wrap_oal.dll
2009-08-21 20:14 . 2009-08-21 20:14 598016 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\highgui100.dll
2009-08-21 20:14 . 2009-08-21 20:14 3426072 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\d3dx9_32.dll
2009-08-21 20:14 . 2009-08-21 20:14 933888 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\cxcore100.dll
2009-08-21 20:14 . 2009-08-21 20:14 724992 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\cv100.dll
2009-08-21 20:14 . 2009-08-21 20:14 389120 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\RenderSystem_Direct3D9.dll
2009-08-21 20:14 . 2009-08-21 20:14 110592 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\OpenAL32.dll
2009-08-21 20:14 . 2009-08-21 20:14 103424 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\Plugin_ParticleFX.dll
2009-08-21 20:14 . 2009-08-21 20:14 5496320 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\OgreMain.dll
2009-08-21 20:14 . 2009-08-21 20:14 1168896 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\Go-Sport-Web.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-04-01 11:53 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-04-01 11:53 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-01 11:53 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-04-01 11:53 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-04-01 11:53 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-05-01 21:02 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-05 07:03 . 2008-08-05 07:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-10 186904]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-2 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BananaScreen.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BananaScreen.lnk
backup=c:\windows\pss\BananaScreen.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support Picture Motion Browser.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPdisp.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPdisp.lnk
backup=c:\windows\pss\PSPdisp.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):68,b0,e3,2a,35,ec,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2883191093-3194480448-2608776333-1000]
"EnableNotificationsRef"=dword:00000001
R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [15/08/2009 17:49 40496]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [22/12/2008 01:06 28672]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [01/04/2009 12:53 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [01/04/2009 12:53 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [01/04/2009 12:53 53328]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
S2 gupdate1c9ed14640f6927;Service Google Update (gupdate1c9ed14640f6927);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2009 18:20 133104]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [04/08/2008 23:49 361808]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [17/06/2009 13:02 29192]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [04/08/2008 22:51 193840]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 21:55 66080]
S3 pspdisp;pspdisp;c:\windows\System32\drivers\pspdisp.sys [12/09/2008 17:58 3328]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-11-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-14 17:19]
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 17:20]
2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 17:20]
2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883191093-3194480448-2608776333-1000Core.job
- c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 21:28]
2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883191093-3194480448-2608776333-1000UA.job
- c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 21:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kali\AppData\Roaming\Mozilla\Firefox\Profiles\xxuomksa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.google.fr/search?sourceid=firefox&hl=fr&ie=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Kali\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 16:40
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys speu.sys >>UNKNOWN [0x862F3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8633f1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2883191093-3194480448-2608776333-1000\Software\SecuROM\License information*]
"datasecu"=hex:2f,84,a5,b9,a4,e9,7c,94,ea,53,08,c6,99,b0,3d,33,7c,27,a0,a5,03,
4f,92,9e,17,e5,64,12,52,24,05,6f,00,5f,5f,d2,00,c0,3a,6f,da,d9,1e,84,73,a6,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1772)
c:\program files\HP\QuickPlay\Kernel\Video\CLMedia.dll
c:\program files\Combined Community Codec Pack\Filters\VSFilter.dll
c:\program files\OpenSource Flash Video Splitter\FLVSplitter.ax
c:\program files\Combined Community Codec Pack\Filters\WavPackDSSplitter.ax
c:\windows\system32\aac_parser.ax
c:\program files\Combined Community Codec Pack\Filters\Haali\splitter.ax
c:\program files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\Common Files\Ahead\DSFilter\NeAudio.ax
.
Heure de fin: 2009-11-14 16:43
ComboFix-quarantined-files.txt 2009-11-14 15:43
Avant-CF: 58 682 281 984 octets libres
Après-CF: 58 542 170 112 octets libres
- - End Of File - - 740F04A6F059C4FF5D7277453A53262A
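Added triage example (not part of the thread, of ComboFix or of Gmer): a small parser that walks a report in the layout above and surfaces the entries a responder would act on first: the Gmer MBR driver hook and unattributed module, Security Center keys with monitoring disabled, and service entries whose image ComboFix marks with [?]. The sample report is a constructed excerpt echoing those sections, and the function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the ComboFix / Gmer report layout (not a real capture;
# the values echo the sections of the report posted above).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pspdisp;pspdisp;c:\windows\System32\drivers\pspdisp.sys [12/09/2008 17:58 3328]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys speu.sys >>UNKNOWN [0x862F3938]<<
detected MBR rootkit hooks:
\Driver\atapi -> 0x8633f1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                 # [HKEY_...] section header
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*\[\?\]\s*$")  # ComboFix marks a missing image with [?]
HOOK_RE = re.compile(r"^(\\\S+)\s+->\s+(0x[0-9A-Fa-f]+)\s*$")     # \Driver\xxx -> 0xADDR
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class MbrScan:
    hooks: list = field(default_factory=list)            # (driver object, address)
    unknown_modules: list = field(default_factory=list)  # addresses Gmer could not attribute
    warning: bool = False                                # "possible MBR rootkit infection"
    mbr_ok: bool = False                                 # user-mode and kernel-mode MBR reads agree


def disabled_monitoring_keys(report: str) -> list:
    """Security Center keys where DisableMonitoring=1.  Silencing the AV or
    firewall status notifications is a common way to keep a tampered host
    quiet, so every hit deserves a look (some are uninstall leftovers)."""
    keys, current = [], None
    for line in report.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
        elif current and DISABLE_RE.match(line):
            keys.append(current)
    return keys


def services_missing_binary(report: str) -> list:
    """Names of service/driver entries whose registered image ComboFix could
    not find on disk: dead uninstall leftovers, or what a removed dropper
    leaves behind."""
    matches = (SERVICE_RE.match(line.strip()) for line in report.splitlines())
    return [m.group(1) for m in matches if m]


def parse_mbr_scan(report: str) -> MbrScan:
    """Take the Gmer MBR section apart: hooked driver objects, modules the
    scanner could not attribute in the disk I/O path, and the verdict lines."""
    scan, in_hooks = MbrScan(), False
    for raw in report.splitlines():
        line = raw.strip()
        m = UNKNOWN_RE.search(line)
        if m:
            scan.unknown_modules.append(m.group(1))
        if line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                scan.hooks.append((m.group(1), m.group(2)))
                continue
            in_hooks = False  # first non-hook line ends the list
        if "possible MBR rootkit infection" in line:
            scan.warning = True
        if line.startswith("user & kernel MBR OK"):
            scan.mbr_ok = True
    return scan


def triage(report: str) -> list:
    """Findings as (severity, message), most urgent first."""
    findings = []
    mbr = parse_mbr_scan(report)
    for driver, addr in mbr.hooks:
        findings.append(("high", f"kernel hook on {driver} at {addr}"))
    for addr in mbr.unknown_modules:
        findings.append(("high", f"unattributed module in the disk I/O path at {addr}"))
    if mbr.warning and mbr.mbr_ok:
        findings.append(("info", "user/kernel MBR reads agree: the hook lives in a driver "
                                 "object, so confirm it before touching the boot record"))
    for key in disabled_monitoring_keys(report):
        findings.append(("medium", f"Security Center monitoring disabled under {key}"))
    for svc in services_missing_binary(report):
        findings.append(("low", f"service {svc} points at a missing binary"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_REPORT):
        print(f"[{severity:<6}] {message}")
```

Run it against a full report saved from the thread and the ordering puts the Gmer hook and the unattributed module first, with the Security Center and service leftovers behind them.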
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:41 . 2009-10-03 21:41 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-10-03 21:38 . 2009-10-03 21:38 -------- d-----w- c:\program files\Microsoft
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 21:29 . 2009-10-03 21:29 25214 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-10-03 16:04 . 2009-09-02 10:31 4096 d-----w- c:\program files\Common Files\Logishrd
2009-10-03 16:04 . 2009-09-02 10:30 -------- d-----w- c:\programdata\LogiShrd
2009-10-03 16:04 . 2009-10-03 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-30 18:39 . 2009-04-10 17:32 4096 d-----w- c:\program files\Windows Live Safety Center
2009-09-28 15:48 . 2009-09-28 15:48 4096 d-----w- c:\program files\VistaCodecPack
2009-09-21 17:16 . 2009-09-21 17:16 4096 d-----w- c:\program files\WinSCP
2009-09-21 12:41 . 2009-09-21 12:41 -------- d-----w- c:\programdata\E91
2009-09-20 20:46 . 2009-09-20 20:46 -------- d-----w- c:\users\Kali\AppData\Roaming\FLV Extract
2009-09-18 21:33 . 2009-09-18 21:33 113280 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1036\ResourceCache.dll
2009-09-18 21:32 . 2009-09-18 21:32 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2009-09-18 21:31 . 2009-09-18 21:30 4096 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-18 21:31 . 2009-09-18 21:30 4096 d-----w- c:\program files\Common Files\Merge Modules
2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-17 15:54 . 2009-09-17 15:54 4096 d-----w- c:\program files\Movies2iPhone
2009-09-16 21:45 . 2009-09-16 21:45 107640 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 21:28 . 2009-09-16 21:28 4096 d-----w- c:\program files\LibUSB-Win32-0.1.10.0
2009-09-16 20:37 . 2009-05-16 16:11 4096 d-----w- c:\users\Kali\AppData\Roaming\Apple Computer
2009-09-16 20:24 . 2009-09-16 18:33 4096 d-----w- c:\program files\QuickFreedom
2009-09-16 19:56 . 2009-09-16 19:36 -------- d-----w- c:\program files\iPod(51)
2009-09-16 19:36 . 2009-09-16 19:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 19:35 . 2009-09-16 19:35 4096 d-----w- c:\program files\LibUSB-Win32
2009-09-16 19:34 . 2009-09-16 19:33 4096 d-----w- c:\program files\QuickTime(125)
2009-09-16 17:23 . 2009-04-03 18:12 -------- d-----w- c:\programdata\Apple
2009-09-14 09:29 . 2009-10-16 05:11 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_69525f90.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_5af141bb.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_26e91eb.exe
2009-09-12 15:10 . 2009-09-12 15:10 12862 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}\_16496df1.exe
2009-09-10 16:48 . 2009-10-16 05:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:48 . 2009-10-20 15:28 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 09:48 . 2009-10-20 15:28 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 09:48 . 2009-10-20 15:28 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-07 18:55 . 2009-04-05 13:50 7808 ----a-w- c:\users\Kali\AppData\Local\d3d9caps.dat
2009-09-04 11:41 . 2009-10-16 05:11 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 10:33 . 2009-09-02 10:33 53248 ----a-r- c:\users\Kali\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-16 05:11 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 05:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 05:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 05:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 19:59 . 2009-08-24 19:59 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-23 21:00 . 2009-03-31 22:20 80600 ----a-w- c:\users\Kali\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-23 20:54 . 2009-08-23 20:42 36864 ----a-w- c:\programdata\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-08-21 20:14 . 2009-08-21 20:14 413696 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\wrap_oal.dll
2009-08-21 20:14 . 2009-08-21 20:14 598016 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\highgui100.dll
2009-08-21 20:14 . 2009-08-21 20:14 3426072 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\d3dx9_32.dll
2009-08-21 20:14 . 2009-08-21 20:14 933888 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\cxcore100.dll
2009-08-21 20:14 . 2009-08-21 20:14 724992 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\cv100.dll
2009-08-21 20:14 . 2009-08-21 20:14 389120 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\RenderSystem_Direct3D9.dll
2009-08-21 20:14 . 2009-08-21 20:14 110592 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\OpenAL32.dll
2009-08-21 20:14 . 2009-08-21 20:14 103424 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\Plugin_ParticleFX.dll
2009-08-21 20:14 . 2009-08-21 20:14 5496320 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\OgreMain.dll
2009-08-21 20:14 . 2009-08-21 20:14 1168896 ----a-w- c:\users\Kali\AppData\Roaming\Total Immersion\Web\Player\www.go-sport.com\pl\Go-Sport-Web.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-04-01 11:53 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-04-01 11:53 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-01 11:53 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-04-01 11:53 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-04-01 11:53 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-05-01 21:02 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-05 07:03 . 2008-08-05 07:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-10 186904]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-2 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BananaScreen.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BananaScreen.lnk
backup=c:\windows\pss\BananaScreen.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support Picture Motion Browser.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Kali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPdisp.lnk]
path=c:\users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPdisp.lnk
backup=c:\windows\pss\PSPdisp.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):68,b0,e3,2a,35,ec,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2883191093-3194480448-2608776333-1000]
"EnableNotificationsRef"=dword:00000001
R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [15/08/2009 17:49 40496]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [22/12/2008 01:06 28672]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [01/04/2009 12:53 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [01/04/2009 12:53 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [01/04/2009 12:53 53328]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
S2 gupdate1c9ed14640f6927;Service Google Update (gupdate1c9ed14640f6927);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2009 18:20 133104]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [04/08/2008 23:49 361808]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [17/06/2009 13:02 29192]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [04/08/2008 22:51 193840]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 21:55 66080]
S3 pspdisp;pspdisp;c:\windows\System32\drivers\pspdisp.sys [12/09/2008 17:58 3328]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-11-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-14 17:19]
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 17:20]
2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 17:20]
2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883191093-3194480448-2608776333-1000Core.job
- c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 21:28]
2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883191093-3194480448-2608776333-1000UA.job
- c:\users\Kali\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 21:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kali\AppData\Roaming\Mozilla\Firefox\Profiles\xxuomksa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.google.fr/search?sourceid=firefox&hl=fr&ie=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Kali\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 16:40
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys speu.sys >>UNKNOWN [0x862F3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8633f1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2883191093-3194480448-2608776333-1000\Software\SecuROM\License information*]
"datasecu"=hex:2f,84,a5,b9,a4,e9,7c,94,ea,53,08,c6,99,b0,3d,33,7c,27,a0,a5,03,
4f,92,9e,17,e5,64,12,52,24,05,6f,00,5f,5f,d2,00,c0,3a,6f,da,d9,1e,84,73,a6,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1772)
c:\program files\HP\QuickPlay\Kernel\Video\CLMedia.dll
c:\program files\Combined Community Codec Pack\Filters\VSFilter.dll
c:\program files\OpenSource Flash Video Splitter\FLVSplitter.ax
c:\program files\Combined Community Codec Pack\Filters\WavPackDSSplitter.ax
c:\windows\system32\aac_parser.ax
c:\program files\Combined Community Codec Pack\Filters\Haali\splitter.ax
c:\program files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\Common Files\Ahead\DSFilter\NeAudio.ax
.
Heure de fin: 2009-11-14 16:43
ComboFix-quarantined-files.txt 2009-11-14 15:43
Avant-CF: 58 682 281 984 octets libres
Après-CF: 58 542 170 112 octets libres
- - End Of File - - 740F04A6F059C4FF5D7277453A53262A
lancé: Rapport GenProc 2.646 [3] - 12/11/2009 à 22:22:36
@ Windows 7 - Hewlett-Packard - Mode normal
@ Mozilla Firefox (3.5.1) [Navigateur par défaut]
~~ CM DISK ERROR ~~
# Step 1/ Download:
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) to your Desktop.
Restart in Safe Mode as explained here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; choose your current session *** Kali443 *** (to find the report again, click the "Rapport GenProc[3]" shortcut on your desktop).
# Step 2/
Run Toolbar-S&D from the Desktop. Type "2" then confirm by pressing "Enter". Do not close the window while it is removing items.
# Step 3/
Run CCleaner: "Cleaner"/"Run Cleaner", and that is all.
# Step 4/
Restart normally and post, in the same reply:
- The contents of the TB.txt report located in C:\ ;
- A new HijackThis report https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- A new GenProc report;
Describe any difficulties you had (what you could not do...) and how the situation has evolved.
~~ Procedure arguments ~~
# Détections [1] GenProc 2.646 12/11/2009 à 22:17:55
Toolbar:le 12/11/2009 à 22:18:09 "C:\Program Files\DAEMON Tools Toolbar"
# Détections [2] GenProc 2.646 12/11/2009 à 22:19:06
Toolbar:le 12/11/2009 à 22:19:18 "C:\Program Files\DAEMON Tools Toolbar"
# Détections [3] GenProc 2.646 12/11/2009 à 22:22:37
Toolbar:le 12/11/2009 à 22:22:49 "C:\Program Files\DAEMON Tools Toolbar"
----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------
~~ End at 22:22:58 ~~
[*] Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
[*] Double-click combofix.exe and follow the instructions.
[*] Install the Recovery Console if offered and continue.
[*] When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt