A voir également:
- Probleme avec security tool
- Hp format tool - Télécharger - Stockage
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Media creation tool - Télécharger - Systèmes d'exploitation
- Daemon tool - Télécharger - Émulation & Virtualisation
- Paint tool sai 2 - Télécharger - Photo & Graphisme
2 réponses
flo-91
Messages postés
5646
Date d'inscription
mardi 19 mai 2009
Statut
Contributeur sécurité
Dernière intervention
31 octobre 2019
1 118
30 déc. 2009 à 13:41
30 déc. 2009 à 13:41
Bonjour, :
1-> Télécharge Rkill ( de Grinler ) sur ton bureau :
https://download.bleepingcomputer.com/grinler/rkill.exe
/!\ Désactive toutes tes protections résidentes ( Antivirus, Antispyware, Pare-Feu ) /!\
> Double clique sur rkill ( présent sur ton bureau ) ou clique droit -> Executer en tant qu'administrateur ( utilisateurs de vista/7 )
> Une fenêtre sur fond noir s'ouvrira rapidement puis disparaîtra, c'est normal.
2->Telecharge Combofix ici et enregistre le sur ton bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.
# Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.
#Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.
#Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.
#Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.
#Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.
#Poste ce rapport.
1-> Télécharge Rkill ( de Grinler ) sur ton bureau :
https://download.bleepingcomputer.com/grinler/rkill.exe
/!\ Désactive toutes tes protections résidentes ( Antivirus, Antispyware, Pare-Feu ) /!\
> Double clique sur rkill ( présent sur ton bureau ) ou clique droit -> Executer en tant qu'administrateur ( utilisateurs de vista/7 )
> Une fenêtre sur fond noir s'ouvrira rapidement puis disparaîtra, c'est normal.
2->Telecharge Combofix ici et enregistre le sur ton bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.
# Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.
#Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.
#Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.
#Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.
#Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.
#Poste ce rapport.
flo-91
Messages postés
5646
Date d'inscription
mardi 19 mai 2009
Statut
Contributeur sécurité
Dernière intervention
31 octobre 2019
1 118
7 janv. 2010 à 21:31
7 janv. 2010 à 21:31
Audrey, tu na pas fait ce que je t'ai demandé, passe un coup de Combofix comme indiqué.
Bonjour,
J'ai eu le même soucis qu'Audrey voici mon rapport avec Malwarebytes' Anti-Malware 1.44 :
Version de la base de données: 3828
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
06/03/2010 17:38:02
mbam-log-2010-03-06 (17-38-02).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 336504
Temps écoulé: 1 hour(s), 34 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\43934730 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\ProgramData\43934730\43934730.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Local\Temp\~TM8932.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
J'aurais besoin d'être guidé pour utiliser ComboFix et ce qui suit s'il vous plait. Merci
J'ai eu le même soucis qu'Audrey voici mon rapport avec Malwarebytes' Anti-Malware 1.44 :
Version de la base de données: 3828
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
06/03/2010 17:38:02
mbam-log-2010-03-06 (17-38-02).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 336504
Temps écoulé: 1 hour(s), 34 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\43934730 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\ProgramData\43934730\43934730.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Local\Temp\~TM8932.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\benoit\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
J'aurais besoin d'être guidé pour utiliser ComboFix et ce qui suit s'il vous plait. Merci
En suivant des instructions j'ai obtenu ce rapport avec ComboFix :
ComboFix 10-03-05.06 - benoit 06/03/2010 18:54:20.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1242 [GMT 1:00]
Lancé depuis: c:\users\benoit\Desktop\CCM.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1143961116-643972926-3565618166-500
c:\users\benoit\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))
.
2010-03-06 18:02 . 2010-03-06 18:02 -------- d-----w- c:\users\benoit\AppData\Local\temp
2010-03-06 18:02 . 2010-03-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 17:12 . 2010-03-06 17:12 -------- d--h--w- c:\windows\PIF
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\users\benoit\AppData\Roaming\Malwarebytes
2010-03-06 12:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\programdata\Malwarebytes
2010-03-06 12:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 12:45 . 2010-03-01 12:45 -------- d-----w- c:\program files\iPod
2010-03-01 12:41 . 2010-03-01 12:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:27 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 17:25 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 17:25 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 17:25 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 17:25 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 17:25 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 17:25 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 17:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 17:25 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 17:32 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-06 17:32 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-06 17:24 . 2008-06-02 20:24 -------- d-----w- c:\users\benoit\AppData\Roaming\OpenOffice.org2
2010-03-06 17:23 . 2009-05-17 13:04 -------- d-----w- c:\program files\Steam
2010-03-04 22:04 . 2010-03-04 22:04 16 ----a-w- c:\users\benoit\AppData\Roaming\rbuwzv.dat
2010-03-01 12:45 . 2007-10-13 09:02 -------- d-----w- c:\program files\Common Files\Apple
2010-02-25 20:58 . 2007-09-28 19:07 120400 ----a-w- c:\users\benoit\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 18:23 . 2010-01-31 13:17 -------- d-----w- c:\program files\PokerStars
2010-02-24 08:16 . 2009-10-02 18:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 21:46 . 2010-02-19 21:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-11 21:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 20:19 . 2007-10-13 10:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-11 17:11 . 2007-07-15 06:29 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 17:50 . 2009-12-03 16:40 -------- d-----w- c:\users\benoit\AppData\Roaming\Dofus 2
2010-01-01 12:40 . 2009-12-02 21:03 38784 ----a-w- c:\users\benoit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 12:40 . 2009-12-02 21:03 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 12:35 . 2010-02-10 13:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 13:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 13:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 13:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 13:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 13:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 13:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 13:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 13:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 13:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-24 16:53 . 2009-12-24 16:53 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-22 13:38 . 2009-12-22 13:38 158564 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-18 13:05 . 2010-01-22 10:20 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 10:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 10:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-16 13:42 . 2009-12-21 22:47 872960 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-21 22:47 43008 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-21 22:47 340480 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-21 22:47 346624 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 17:43 . 2008-06-02 20:25 1 ----a-w- c:\users\benoit\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-11 12:07 . 2010-02-10 13:12 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 13:12 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 13:12 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 13:12 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 13:12 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
c:\users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\benoit\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-3-18 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-8-2 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^benoit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2010-02-09 10:07 38184 ----a-w- c:\program files\NCsoft\Launcher\NCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-20 09:55 1217872 ----a-w- c:\program files\Steam\steam.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
FF - ProfilePath - c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\
FF - prefs.js: browser.startup.homepage - www.facebook.fr
FF - component: c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
MSConfigStartUp-43934730 - c:\programdata\43934730\43934730.exe
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Pacific Poker - c:\progra~1\PACIFI~1\UNWISE.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 19:02
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-61601254-1175945378-4146166189-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D089FAD1-11E0-F96A-A3E5-E6DE1DA34C22}*]
"hanhdbnbifhcdoea"=hex:6a,61,63,64,65,6b,65,63,66,65,6a,64,66,6c,6a,69,6e,67,
67,70,00,e9
"iadcfnedebjfgjlbgc"=hex:6a,61,63,64,65,6b,65,63,66,65,6a,64,66,6c,6a,69,6e,67,
67,70,00,03
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2010-03-06 19:06:19
ComboFix-quarantined-files.txt 2010-03-06 18:06
Avant-CF: 33 867 845 632 octets libres
Après-CF: 34 998 566 912 octets libres
- - End Of File - - 1CDD46579354ED6CEBB734E6C0CD50A6
Si quelqu'un peut m'éclairer et me dire si j'ai encore quelque chose à faire ou pas ça serait sympathique.
Merci
ComboFix 10-03-05.06 - benoit 06/03/2010 18:54:20.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1242 [GMT 1:00]
Lancé depuis: c:\users\benoit\Desktop\CCM.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1143961116-643972926-3565618166-500
c:\users\benoit\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))
.
2010-03-06 18:02 . 2010-03-06 18:02 -------- d-----w- c:\users\benoit\AppData\Local\temp
2010-03-06 18:02 . 2010-03-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 17:12 . 2010-03-06 17:12 -------- d--h--w- c:\windows\PIF
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\users\benoit\AppData\Roaming\Malwarebytes
2010-03-06 12:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\programdata\Malwarebytes
2010-03-06 12:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 12:41 . 2010-03-06 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 12:45 . 2010-03-01 12:45 -------- d-----w- c:\program files\iPod
2010-03-01 12:41 . 2010-03-01 12:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:27 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 17:25 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 17:25 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 17:25 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 17:25 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 17:25 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 17:25 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 17:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 17:25 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 17:32 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-06 17:32 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-06 17:24 . 2008-06-02 20:24 -------- d-----w- c:\users\benoit\AppData\Roaming\OpenOffice.org2
2010-03-06 17:23 . 2009-05-17 13:04 -------- d-----w- c:\program files\Steam
2010-03-04 22:04 . 2010-03-04 22:04 16 ----a-w- c:\users\benoit\AppData\Roaming\rbuwzv.dat
2010-03-01 12:45 . 2007-10-13 09:02 -------- d-----w- c:\program files\Common Files\Apple
2010-02-25 20:58 . 2007-09-28 19:07 120400 ----a-w- c:\users\benoit\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 18:23 . 2010-01-31 13:17 -------- d-----w- c:\program files\PokerStars
2010-02-24 08:16 . 2009-10-02 18:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 21:46 . 2010-02-19 21:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-11 21:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 20:19 . 2007-10-13 10:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-11 17:11 . 2007-07-15 06:29 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 17:50 . 2009-12-03 16:40 -------- d-----w- c:\users\benoit\AppData\Roaming\Dofus 2
2010-01-01 12:40 . 2009-12-02 21:03 38784 ----a-w- c:\users\benoit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 12:40 . 2009-12-02 21:03 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 12:35 . 2010-02-10 13:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 13:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 13:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 13:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 13:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 13:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 13:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 13:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 13:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 13:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-24 16:53 . 2009-12-24 16:53 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-22 13:38 . 2009-12-22 13:38 158564 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-18 13:05 . 2010-01-22 10:20 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 10:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 10:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-16 13:42 . 2009-12-21 22:47 872960 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-21 22:47 43008 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-21 22:47 340480 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-21 22:47 346624 ----a-w- c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 17:43 . 2008-06-02 20:25 1 ----a-w- c:\users\benoit\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-11 12:07 . 2010-02-10 13:12 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 13:12 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 13:12 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 13:12 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 13:12 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
c:\users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\benoit\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-3-18 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-8-2 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^benoit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2010-02-09 10:07 38184 ----a-w- c:\program files\NCsoft\Launcher\NCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-20 09:55 1217872 ----a-w- c:\program files\Steam\steam.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
FF - ProfilePath - c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\
FF - prefs.js: browser.startup.homepage - www.facebook.fr
FF - component: c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\t5pwslld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
MSConfigStartUp-43934730 - c:\programdata\43934730\43934730.exe
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Pacific Poker - c:\progra~1\PACIFI~1\UNWISE.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 19:02
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-61601254-1175945378-4146166189-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D089FAD1-11E0-F96A-A3E5-E6DE1DA34C22}*]
"hanhdbnbifhcdoea"=hex:6a,61,63,64,65,6b,65,63,66,65,6a,64,66,6c,6a,69,6e,67,
67,70,00,e9
"iadcfnedebjfgjlbgc"=hex:6a,61,63,64,65,6b,65,63,66,65,6a,64,66,6c,6a,69,6e,67,
67,70,00,03
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2010-03-06 19:06:19
ComboFix-quarantined-files.txt 2010-03-06 18:06
Avant-CF: 33 867 845 632 octets libres
Après-CF: 34 998 566 912 octets libres
- - End Of File - - 1CDD46579354ED6CEBB734E6C0CD50A6
Si quelqu'un peut m'éclairer et me dire si j'ai encore quelque chose à faire ou pas ça serait sympathique.
Merci
30 déc. 2009 à 22:49
Voici le rapport:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30/12/2009 22:46:25
mbam-log-2009-12-30 (22-46-25).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 193359
Temps écoulé: 46 minute(s), 44 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
C:\documents and settings\Audrey\local settings\application data\hblfgajd.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hblfgajd (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Dropper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\15507422 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Audrey\Local Settings\Application Data\hblfgajd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Local Settings\Application Data\hblfgajd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Local Settings\Application Data\hblfgajd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Local Settings\Application Data\hblfgajd.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Local Settings\Temp\TMPD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Local Settings\Temporary Internet Files\Content.IE5\GWZB283F\wcap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15507422\15507422.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Bureau\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
7 janv. 2010 à 21:30
alors je suis allé voir la procédure sur google et j'ai vu la solution
je l'ai lancé en mode sans echec puis j'ai executé combofix
IMPECCABLE !!! 30 minutes de maintenance.
mon PC est néttoyé et tourne mieux qu'avant
merci infiniment