Firefox very slow to open
Solved/Closed
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 28 Nov 2009 at 10:54
31 replies
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 28 Nov 2009 at 15:15
Complete scanning result of "iq38681.dll", processed in VirusTotal at 11/28/2009 15:13:27 (CET).
[ file data ]
* name..: iq38681.dll
* size..: 229376
* md5...: 1ddcf498722b9e9cd0d900ed54e99a71
* sha1..: bca16fbedb16e4b7911b7012e195f97e285e4c3d
* peid..: -
[ scan result ]
a-squared 4.5.0.43/20091128 found nothing
AhnLab-V3 5.0.0.2/20091128 found nothing
AntiVir 7.9.1.79/20091127 found nothing
Antiy-AVL 2.0.3.7/20091127 found nothing
Authentium 5.2.0.5/20091127 found nothing
Avast 4.8.1351.0/20091128 found nothing
AVG 8.5.0.426/20091128 found nothing
BitDefender 7.2/20091128 found nothing
CAT-QuickHeal 10.00/20091128 found nothing
ClamAV 0.94.1/20091128 found nothing
Comodo 3067/20091128 found nothing
DrWeb 5.0.0.12182/20091128 found nothing
eTrust-Vet 35.1.7146/20091127 found nothing
F-Prot 4.5.1.85/20091127 found nothing
F-Secure 9.0.15370.0/20091124 found nothing
Fortinet 4.0.14.0/20091128 found nothing
GData 19/20091128 found nothing
Ikarus T3.1.1.74.0/20091128 found nothing
Jiangmin 11.0.800/20091128 found nothing
K7AntiVirus 7.10.906/20091127 found nothing
Kaspersky 7.0.0.125/20091128 found nothing
McAfee 5815/20091127 found nothing
McAfee+Artemis 5815/20091127 found nothing
McAfee-GW-Edition 6.8.5/20091128 found nothing
Microsoft 1.5302/20091128 found nothing
NOD32 4644/20091128 found nothing
Norman 6.03.02/20091127 found nothing
nProtect 2009.1.8.0/20091128 found nothing
Panda 10.0.2.2/20091128 found nothing
PCTools 7.0.3.5/20091128 found nothing
Prevx 3.0/20091128 found nothing
Rising 22.23.05.04/20091128 found nothing
Sophos 4.48.0/20091127 found nothing
Sunbelt 3.2.1858.2/20091127 found nothing
Symantec 1.4.4.12/20091128 found nothing
TheHacker 6.5.0.2.080/20091127 found nothing
TrendMicro 9.100.0.1001/20091128 found nothing
VBA32 3.12.12.0/20091128 found nothing
ViRobot 2009.11.28.2060/20091128 found nothing
VirusBuster 5.0.21.0/20091127 found nothing
eZula (Contributor, 3392 posts, registered Saturday 26 April 2008, last active 8 May 2021) - 28 Nov 2009 at 15:17
C:\Delme.bat => right-click on that file > "Edit". What does it contain?
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 28 Nov 2009 at 15:18
echo off
:Repeat
del C:\PROGRA~1\EFFACE~1\Uninstal.exe
if exist C:\PROGRA~1\EFFACE~1\Uninstal.exe goto Repeat
rmdir C:\PROGRA~1\EFFACE~1
@cls
eZula (Contributor, 3392 posts, registered Saturday 26 April 2008, last active 8 May 2021) - 28 Nov 2009 at 15:24
Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
Double-click combofix.exe and follow the instructions.
Install the Recovery Console if offered and continue.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 28 Nov 2009 at 17:40
I'm back, and here is the requested report:
ComboFix 09-11-27.07 - HP_Administrateur 28/11/2009 16:54:39.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.360 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091128-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\chanteurs\Desktop_2.ini
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\iq38681.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-28 ))))))))))))))))))))))))))))))))))))
.
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 30 Nov 2009 at 09:12
Hello,
I just ran Combofix again; no problem until the Windows restart, where I find the combofix window showing:
Compte rendu en cours de préparation, Ne lancer aucun programme tant que combofix n'est pas fini.
I left it waiting for more than an hour and nothing happens.
Here is the combofix.txt report:
ComboFix 09-11-29.03 - HP_Administrateur 30/11/2009 8:24:02.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.518 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\chanteurs\Desktop_2.ini
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\iq38681.dll
D:\Autorun.inf
Une copie infectée de C:\WINDOWS\system32\drivers\ntfs.sys a été trouvée et désinfectée
Copie restaurée à partir de - C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
Here is a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:56, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: D - {E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - C:\WINDOWS\system32\iq38681.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Elmc2di - Intel Corporation - (no file)
O23 - Service: Service Google Update (gupdate1c9d61ef709d730) (gupdate1c9d61ef709d730) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
gerard arf (Member, 18 posts, registered Saturday 28 November 2009, last active 1 December 2009) - 30 Nov 2009 at 10:47
After a second attempt, having first stopped avast, ZoneAlarm, Spybot and Ad-Aware, I finally got a complete report, which follows:
ComboFix 09-11-29.03 - HP_Administrateur 30/11/2009 10:19.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
-- Exécution préalable --
Une copie infectée de c:\windows\system32\drivers\ntfs.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\ntfs.sys
--------
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\program files\MSXML 4.0
2009-11-28 13:48 . 2009-11-28 13:48 -------- d-----w- c:\program files\VirusTotalUploader2
2009-11-28 11:58 . 2009-11-28 11:58 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-11-28 11:46 . 2009-11-28 12:08 -------- d-----w- c:\program files\Navilog1
2009-11-28 10:45 . 2009-11-28 13:09 -------- d-----w- C:\GenProc
2009-11-26 13:15 . 2009-11-26 13:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IObit
2009-11-26 11:54 . 2009-11-26 11:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Uniblue
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Livestation
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Mchid
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Livestation
2009-11-25 20:43 . 2009-11-25 09:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-25 12:32 . 2009-11-25 12:32 149 ----a-w- C:\Delme.bat
2009-11-25 09:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-25 09:26 . 2009-11-25 09:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 09:26 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-19 09:52 . 2009-11-19 09:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 09:51 . 2009-11-19 09:51 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 09:18 . 2009-11-10 09:18 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\igraal
2009-11-06 17:10 . 2009-11-06 17:10 -------- d-----w- c:\program files\ZNsoft Corporation
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 09:33 . 2009-09-22 08:04 10457120 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 09:13 . 2006-10-17 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 08:49 . 2006-12-04 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-30 07:45 . 2009-09-22 08:04 122828 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-28 16:18 . 2009-11-28 16:17 1776821 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-28 12:17 . 2006-01-02 22:01 -------- d-----w- c:\program files\Google
2009-11-27 18:10 . 2009-11-27 18:11 1788928 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-11-27 18:08 . 2006-12-20 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-27 17:24 . 2005-10-10 11:39 82066 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-27 17:24 . 2005-10-10 11:39 505658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-27 16:33 . 2007-03-07 07:23 -------- d-----w- c:\program files\Java
2009-11-27 10:54 . 2008-05-29 12:09 -------- d-----w- c:\program files\WinPcap
2009-11-26 16:34 . 2009-05-29 08:11 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Moniteur neufbox
2009-11-26 15:41 . 2006-10-06 19:29 -------- d-----w- c:\program files\WebExpert3
2009-11-25 17:17 . 2009-09-23 08:18 -------- d-----w- c:\program files\AnimGif3
2009-11-25 14:06 . 2006-01-02 22:05 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-11-25 09:25 . 2008-01-25 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-25 09:25 . 2006-10-06 20:06 -------- d-----w- c:\program files\Lavasoft
2009-11-24 12:57 . 2006-01-02 21:29 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-24 12:57 . 2006-01-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 09:39 . 2009-09-23 08:23 -------- d-----w- c:\program files\Popims
2009-11-19 09:38 . 2007-12-25 17:14 -------- d-----w- c:\program files\Panasonic
2009-11-18 16:29 . 2006-10-08 05:49 102976 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 13:47 . 2006-10-14 08:26 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\AdobeUM
2009-11-09 08:06 . 2009-11-10 07:40 859648 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-11-03 20:12 . 2008-07-25 07:50 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
2009-10-29 14:16 . 2009-10-29 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:55 . 2006-10-07 06:13 -------- d-----w- c:\program files\Neuf
2009-10-22 15:42 . 2009-10-22 15:42 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\vlc
2009-10-22 12:45 . 2009-10-22 12:46 1451008 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-10-21 09:44 . 2007-03-17 18:27 -------- d-----w- c:\program files\x264
2009-10-21 09:44 . 2006-10-06 20:31 -------- d-----w- c:\program files\ReadIris
2009-10-21 09:44 . 2008-09-20 15:50 -------- d-----w- c:\program files\9giga Editor
2009-10-21 09:39 . 2009-10-21 09:39 -------- d-----w- c:\program files\DelThumbs
2009-10-14 08:28 . 2006-01-02 21:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-13 17:00 . 2006-10-16 13:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2006-10-17 17:55 . 2006-10-17 17:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clavier+"="c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe" [2007-10-21 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ehTray"=c:\windows\ehome\ehtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"c:\\Program Files\\FTPExpert\\FTPXpert.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/11/2009 10:29 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 07:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 07:26 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 22:31 2825088]
S2 gupdate1c9d61ef709d730;Service Google Update (gupdate1c9d61ef709d730);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 13:07 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
S3 Elmc2di;Elmc2di; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29/06/2007 01:01 42512]
.
Contenu du dossier 'Tâches planifiées'
2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:28]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\cl1ge2ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://arforez.free.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - c:\windows\system32\iq38681.dll
Notify-WgaLogon - (no file)
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - c:\program files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-TerraExplorer - c:\program files\Skyline\TerraExplorer\Setup.exe [OP]/U
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 10:33
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
.
Heure de fin: 2009-11-30 10:36
ComboFix-quarantined-files.txt 2009-11-30 09:36
Avant-CF: 46 044 422 144 octets libres
Après-CF: 46 005 809 152 octets libres
- - End Of File - - 6E0107AEE59C6D3B4F199668AAAA9131
gerard arf
Posts
18
Registration date
Saturday 28 November 2009
Status
Member
Last contribution
1 December 2009
30 Nov 2009 at 13:11
Hello,
Nobody to read this report? Is eZula perhaps away?
Regards
gerard arf
eZula
Posts
3392
Registration date
Saturday 26 April 2008
Status
Contributor
Last contribution
8 May 2021
30 Nov 2009 at 18:34
Run it once more to see whether it finds anything else
gerard arf
Posts
18
Registration date
Saturday 28 November 2009
Status
Member
Last contribution
1 December 2009
30 Nov 2009 at 20:31
Here is the report, thanks for your opinion
ComboFix 09-11-30.01 - HP_Administrateur 30/11/2009 19:27.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.556 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.
2009-11-30 13:57 . 2009-11-30 13:57 -------- d-----w- C:\rsit
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\program files\MSXML 4.0
2009-11-28 13:48 . 2009-11-28 13:48 -------- d-----w- c:\program files\VirusTotalUploader2
2009-11-28 11:58 . 2009-11-28 11:58 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-11-28 11:46 . 2009-11-28 12:08 -------- d-----w- c:\program files\Navilog1
2009-11-28 10:45 . 2009-11-28 13:09 -------- d-----w- C:\GenProc
2009-11-26 13:15 . 2009-11-26 13:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IObit
2009-11-26 11:54 . 2009-11-26 11:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Uniblue
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Livestation
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Mchid
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Livestation
2009-11-25 20:43 . 2009-11-25 09:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-25 12:32 . 2009-11-25 12:32 149 ----a-w- C:\Delme.bat
2009-11-25 09:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-25 09:26 . 2009-11-25 09:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 09:26 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-19 09:52 . 2009-11-19 09:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 09:51 . 2009-11-19 09:51 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 09:18 . 2009-11-10 09:18 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\igraal
2009-11-06 17:10 . 2009-11-06 17:10 -------- d-----w- c:\program files\ZNsoft Corporation
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 18:37 . 2009-09-22 08:04 10745888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 18:12 . 2009-09-22 08:04 126236 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-30 17:55 . 2006-10-17 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 16:49 . 2006-12-04 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-28 16:18 . 2009-11-28 16:17 1776821 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-28 12:17 . 2006-01-02 22:01 -------- d-----w- c:\program files\Google
2009-11-27 18:10 . 2009-11-27 18:11 1788928 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-11-27 18:08 . 2006-12-20 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-27 17:24 . 2005-10-10 11:39 82066 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-27 17:24 . 2005-10-10 11:39 505658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-27 16:33 . 2007-03-07 07:23 -------- d-----w- c:\program files\Java
2009-11-26 16:34 . 2009-05-29 08:11 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Moniteur neufbox
2009-11-26 15:41 . 2006-10-06 19:29 -------- d-----w- c:\program files\WebExpert3
2009-11-25 17:17 . 2009-09-23 08:18 -------- d-----w- c:\program files\AnimGif3
2009-11-25 14:06 . 2006-01-02 22:05 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-11-25 09:25 . 2008-01-25 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-25 09:25 . 2006-10-06 20:06 -------- d-----w- c:\program files\Lavasoft
2009-11-24 12:57 . 2006-01-02 21:29 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-24 12:57 . 2006-01-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 09:39 . 2009-09-23 08:23 -------- d-----w- c:\program files\Popims
2009-11-19 09:38 . 2007-12-25 17:14 -------- d-----w- c:\program files\Panasonic
2009-11-18 16:29 . 2006-10-08 05:49 102976 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 13:47 . 2006-10-14 08:26 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\AdobeUM
2009-11-09 08:06 . 2009-11-10 07:40 859648 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-11-03 20:12 . 2008-07-25 07:50 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
2009-10-29 14:16 . 2009-10-29 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:55 . 2006-10-07 06:13 -------- d-----w- c:\program files\Neuf
2009-10-22 15:42 . 2009-10-22 15:42 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\vlc
2009-10-22 12:45 . 2009-10-22 12:46 1451008 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-10-21 09:44 . 2007-03-17 18:27 -------- d-----w- c:\program files\x264
2009-10-21 09:44 . 2006-10-06 20:31 -------- d-----w- c:\program files\ReadIris
2009-10-21 09:44 . 2008-09-20 15:50 -------- d-----w- c:\program files\9giga Editor
2009-10-21 09:39 . 2009-10-21 09:39 -------- d-----w- c:\program files\DelThumbs
2009-10-14 08:28 . 2006-01-02 21:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-13 17:00 . 2006-10-16 13:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2006-10-17 17:55 . 2006-10-17 17:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-30_09.33.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 18:14 . 2009-11-30 18:14 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
+ 2009-11-30 18:14 . 2009-11-30 18:14 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clavier+"="c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe" [2007-10-21 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ehTray"=c:\windows\ehome\ehtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"c:\\Program Files\\FTPExpert\\FTPXpert.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/11/2009 10:29 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 07:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 07:26 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 22:31 2825088]
S2 gupdate1c9d61ef709d730;Service Google Update (gupdate1c9d61ef709d730);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 13:07 133104]
S3 Elmc2di;Elmc2di; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:28]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\cl1ge2ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://arforez.free.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files:
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-30 19:41
ComboFix-quarantined-files.txt 2009-11-30 18:40
ComboFix2.txt 2009-11-30 09:36
Pre-Run: 52,567,728,128 bytes free
Post-Run: 52,528,160,768 bytes free
- - End Of File - - EFB928C969135B58BEB6E7F974E4D3BE
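An added triage helper for logs in the ComboFix layout shown above. It is example code written for this thread, not ComboFix's own code and not something the posters ran. It reads the "AV:"/"FW:" header lines, the Security Center Monitoring keys, the Windows Firewall AuthorizedApplications list and the service lines, and reports the four things a helper usually checks first: protection reported as disabled, Security Center monitoring switched off for a product, firewall exceptions for shared host processes or for paths outside Program Files/Windows, and services whose image file is missing (ComboFix prints `[x]`). The sample log is constructed from lines of the kind that appear above and embedded so the script runs offline; the trusted-directory and shared-host lists are my assumptions, not ComboFix's rules.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines in ComboFix's own layout, embedded so this runs offline.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FTPExpert\\FTPXpert.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/11/2009 10:29 64288]
S2 gupdate1c9d61ef709d730;Service Google Update (gupdate1c9d61ef709d730);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 13:07 133104]
S3 Elmc2di;Elmc2di; [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# Service lines: "<R|S><n> <name>;<display name>;<image path> [date size]", or "[x]" when the file is gone.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")

# Assumptions (my choices, not ComboFix's): directories a firewall exception may legitimately point
# into, and shared host processes for which a blanket exception hides which code is really listening.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")
SHARED_HOSTS = {"svchost.exe", "rundll32.exe", "explorer.exe"}


def is_risky_exception(path: str) -> bool:
    """True for AuthorizedApplications entries that deserve a second look."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    return base in SHARED_HOSTS or not p.startswith(TRUSTED_ROOTS)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Walk the log once, tracking the current registry key, and collect findings by category."""
    findings: Dict[str, List[str]] = {
        "protection": [],           # AV/FW header lines reporting a disabled state
        "security_center": [],      # products whose Security Center monitoring is switched off
        "firewall_exceptions": [],  # AuthorizedApplications entries flagged by is_risky_exception
        "missing_services": [],     # services whose image file ComboFix could not find ([x])
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings["protection"].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name"), m.group("data").strip()
            key_l = current_key.lower()
            if "security center\\monitoring" in key_l and name == "DisableMonitoring":
                # data is printed as "dword:00000001"; anything non-zero disables monitoring
                if data.startswith("dword:") and int(data[len("dword:"):], 16) != 0:
                    findings["security_center"].append(current_key.rsplit("\\", 1)[-1])
            elif "authorizedapplications" in key_l:
                path = name.replace("\\\\", "\\")  # undo regedit's doubled backslashes
                if is_risky_exception(path):
                    findings["firewall_exceptions"].append(path)
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("image").strip() == "[x]":
            findings["missing_services"].append(m.group("name"))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Two caveats when reading the output. The "AV ... disabled" and "FW ... disabled" lines are expected in a log taken while ComboFix runs, because its instructions ask for real-time protection to be turned off beforehand; the thing to verify is that both are back on afterwards. A DisableMonitoring entry named after a product that is actually installed (here ZoneAlarm) is normally written by that product itself so that Security Center stops nagging; it only matters when no such product is present.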
eZula
Posts: 3392
Registered: Saturday 26 April 2008
Status: Contributor
Last activity: 8 May 2021
392
30 Nov. 2009 at 23:07
Run this online scan (tick all the boxes each time): https://www.eset.com/
When it finishes, paste the report: C:\Program Files\EsetOnlineScanner\log.txt