Windows security alert
apis2444
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
une fenêtre est apparue sur mon écran "windows security alert" toute en anglais naturellement et prétendant que j'avais des centaines de trojans/virus et autres joyeusetés et une autre petite fenêtre c'est ouverte me demandant d'exécuter "Setup_2006-51.exe" chose que je me suis empressé de ne pas exécuter et je suis allé sur votre site pour y trouver une réponse, dont je vous transmet le résultat, pouvez-vous me dire si je dois encore exécuter une autre opération...merci d'avance
apis2444
ComboFix 10-01-16.04 - PIRON 18/01/2010 0:13.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1534.910 [GMT 1:00]
Lancé depuis: c:\documents and settings\PIRON\Bureau\telecharger\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PIRON\Application Data\inst.exe
c:\program files\Registry_Doktor 4.1
c:\program files\Registry_Doktor 4.1\definitions\200812.cab
c:\program files\Registry_Doktor 4.1\ScheduleAP.txt
c:\program files\Registry_Doktor 4.1\Task.dat
c:\program files\Registry_Doktor 4.1\unins000.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-17 au 2010-01-17 ))))))))))))))))))))))))))))))))))))
.
2010-01-16 11:18 . 2010-01-16 11:18 128 ----a-w- c:\documents and settings\PIRON\Local Settings\Application Data\fusioncache.dat
2010-01-16 11:17 . 2010-01-16 11:20 -------- d-----w- c:\documents and settings\PIRON\Local Settings\Application Data\ApplicationHistory
2010-01-15 11:53 . 2010-01-15 11:53 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-13 19:07 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 20:26 . 2009-10-14 10:09 1 ----a-w- c:\documents and settings\PIRON\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 15:03 . 2009-07-18 10:30 -------- d-----w- c:\documents and settings\PIRON\Application Data\HPAppData
2010-01-16 00:33 . 2006-03-02 12:00 92300 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-16 00:33 . 2006-03-02 12:00 527702 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-13 22:13 . 2007-07-25 20:47 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-06 18:31 . 2007-12-02 01:07 -------- d-----w- c:\program files\RenMultiFiles Pro
2010-01-06 18:18 . 2009-12-03 12:47 -------- d-----w- c:\program files\Glary Utilities
2009-12-31 12:45 . 2009-08-20 18:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-15 22:57 . 2009-08-20 18:29 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-15 22:57 . 2009-08-20 18:29 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-15 11:01 . 2009-12-15 11:01 -------- d-----w- c:\program files\Conduit
2009-12-15 11:01 . 2009-12-15 11:01 -------- d-----w- c:\program files\myBabylon_English
2009-12-10 23:32 . 2009-12-10 23:30 -------- d-----w- c:\program files\Bing Bar Installer
2009-12-10 23:32 . 2009-12-10 23:32 -------- d-----w- c:\program files\MSN Toolbar
2009-12-03 12:49 . 2009-12-03 12:49 -------- d-----w- c:\documents and settings\PIRON\Application Data\GlarySoft
2009-12-03 12:47 . 2009-12-03 12:47 -------- d-----w- c:\program files\AskBarDis
2009-11-29 23:36 . 2007-08-02 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 23:54 . 2009-07-29 20:41 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-07-29 20:41 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-07-29 20:41 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-07-29 20:41 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-07-29 20:41 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-07-29 20:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 08:55 . 2009-11-22 08:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 23:47 . 2009-09-06 23:43 1335584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-20 22:03 . 2009-08-27 21:34 -------- d-----w- c:\documents and settings\PIRON\Application Data\HpUpdate
2009-11-20 15:30 . 2007-07-24 17:48 226936 ----a-w- c:\documents and settings\PIRON\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 22:28 . 2009-11-13 22:19 78334 ----a-w- c:\windows\hpqins05.dat
2009-11-06 21:30 . 2009-11-06 21:30 363008 ----a-w- c:\windows\system32\svchost64.exe
2009-11-04 07:54 . 2009-11-04 07:54 152576 ----a-w- c:\documents and settings\PIRON\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ------w- c:\windows\system32\drivers\http.sys
2008-09-08 22:15 . 2008-09-08 22:15 14290 ----a-w- c:\program files\settings.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-07-26 11:17 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WahOO"="c:\documents and settings\PIRON\Local Settings\Application Data\WahOO\WahOO.exe" [2009-12-07 1841152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-10 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-13 243032]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\PIRON\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2007-7-26 430080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-11 67128]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\PIRON\Application Data\iolo"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [14/02/2008 21:48 9344]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [24/07/2007 15:58 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/07/2009 21:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/07/2009 21:41 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [14/02/2008 21:48 433920]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [24/07/2007 15:58 659456]
S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25/09/1998 9:55 52800]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-01-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-03 11:09]
2010-01-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-01-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-be&FORM=MICJE4&q=
FF - component: c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1051.0\Firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 00:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1957994488-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F67E606A-C8E1-A3B4-4991-4B3C9984673F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadnahfdbgidlijpjg"=hex:6b,61,70,68,6c,67,63,6f,64,65,61,62,66,70,6c,69,6f,66,
69,70,67,68,00,00
"hajmkmaboiojofcd"=hex:6b,61,70,68,6c,67,63,6f,64,65,61,62,66,70,6c,69,6f,66,
69,70,67,68,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(9992)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PSIService.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exeS
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-01-18 00:32:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-17 23:31
Avant-CF: 254.147.809.280 octets libres
Après-CF: 254.170.431.488 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=4 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 6A9D452273B45F2C57B9B8B1393A7562
une fenêtre est apparue sur mon écran "windows security alert" toute en anglais naturellement et prétendant que j'avais des centaines de trojans/virus et autres joyeusetés et une autre petite fenêtre c'est ouverte me demandant d'exécuter "Setup_2006-51.exe" chose que je me suis empressé de ne pas exécuter et je suis allé sur votre site pour y trouver une réponse, dont je vous transmet le résultat, pouvez-vous me dire si je dois encore exécuter une autre opération...merci d'avance
apis2444
ComboFix 10-01-16.04 - PIRON 18/01/2010 0:13.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1534.910 [GMT 1:00]
Lancé depuis: c:\documents and settings\PIRON\Bureau\telecharger\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PIRON\Application Data\inst.exe
c:\program files\Registry_Doktor 4.1
c:\program files\Registry_Doktor 4.1\definitions\200812.cab
c:\program files\Registry_Doktor 4.1\ScheduleAP.txt
c:\program files\Registry_Doktor 4.1\Task.dat
c:\program files\Registry_Doktor 4.1\unins000.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-17 au 2010-01-17 ))))))))))))))))))))))))))))))))))))
.
2010-01-16 11:18 . 2010-01-16 11:18 128 ----a-w- c:\documents and settings\PIRON\Local Settings\Application Data\fusioncache.dat
2010-01-16 11:17 . 2010-01-16 11:20 -------- d-----w- c:\documents and settings\PIRON\Local Settings\Application Data\ApplicationHistory
2010-01-15 11:53 . 2010-01-15 11:53 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-13 19:07 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 20:26 . 2009-10-14 10:09 1 ----a-w- c:\documents and settings\PIRON\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 15:03 . 2009-07-18 10:30 -------- d-----w- c:\documents and settings\PIRON\Application Data\HPAppData
2010-01-16 00:33 . 2006-03-02 12:00 92300 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-16 00:33 . 2006-03-02 12:00 527702 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-13 22:13 . 2007-07-25 20:47 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-06 18:31 . 2007-12-02 01:07 -------- d-----w- c:\program files\RenMultiFiles Pro
2010-01-06 18:18 . 2009-12-03 12:47 -------- d-----w- c:\program files\Glary Utilities
2009-12-31 12:45 . 2009-08-20 18:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-15 22:57 . 2009-08-20 18:29 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-15 22:57 . 2009-08-20 18:29 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-15 11:01 . 2009-12-15 11:01 -------- d-----w- c:\program files\Conduit
2009-12-15 11:01 . 2009-12-15 11:01 -------- d-----w- c:\program files\myBabylon_English
2009-12-10 23:32 . 2009-12-10 23:30 -------- d-----w- c:\program files\Bing Bar Installer
2009-12-10 23:32 . 2009-12-10 23:32 -------- d-----w- c:\program files\MSN Toolbar
2009-12-03 12:49 . 2009-12-03 12:49 -------- d-----w- c:\documents and settings\PIRON\Application Data\GlarySoft
2009-12-03 12:47 . 2009-12-03 12:47 -------- d-----w- c:\program files\AskBarDis
2009-11-29 23:36 . 2007-08-02 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 23:54 . 2009-07-29 20:41 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-07-29 20:41 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-07-29 20:41 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-07-29 20:41 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-07-29 20:41 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-07-29 20:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 08:55 . 2009-11-22 08:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 23:47 . 2009-09-06 23:43 1335584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-20 22:03 . 2009-08-27 21:34 -------- d-----w- c:\documents and settings\PIRON\Application Data\HpUpdate
2009-11-20 15:30 . 2007-07-24 17:48 226936 ----a-w- c:\documents and settings\PIRON\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 22:28 . 2009-11-13 22:19 78334 ----a-w- c:\windows\hpqins05.dat
2009-11-06 21:30 . 2009-11-06 21:30 363008 ----a-w- c:\windows\system32\svchost64.exe
2009-11-04 07:54 . 2009-11-04 07:54 152576 ----a-w- c:\documents and settings\PIRON\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ------w- c:\windows\system32\drivers\http.sys
2008-09-08 22:15 . 2008-09-08 22:15 14290 ----a-w- c:\program files\settings.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-11-09 2331672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-07-26 11:17 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WahOO"="c:\documents and settings\PIRON\Local Settings\Application Data\WahOO\WahOO.exe" [2009-12-07 1841152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-10 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-13 243032]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\PIRON\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2007-7-26 430080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-11 67128]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\PIRON\Application Data\iolo"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [14/02/2008 21:48 9344]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [24/07/2007 15:58 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/07/2009 21:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/07/2009 21:41 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [14/02/2008 21:48 433920]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [24/07/2007 15:58 659456]
S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25/09/1998 9:55 52800]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-01-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-03 11:09]
2010-01-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-01-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-be&FORM=MICJE4&q=
FF - component: c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1051.0\Firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\PIRON\Application Data\Mozilla\Firefox\Profiles\slwwg4ro.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 00:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1957994488-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F67E606A-C8E1-A3B4-4991-4B3C9984673F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadnahfdbgidlijpjg"=hex:6b,61,70,68,6c,67,63,6f,64,65,61,62,66,70,6c,69,6f,66,
69,70,67,68,00,00
"hajmkmaboiojofcd"=hex:6b,61,70,68,6c,67,63,6f,64,65,61,62,66,70,6c,69,6f,66,
69,70,67,68,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(9992)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PSIService.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exeS
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-01-18 00:32:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-17 23:31
Avant-CF: 254.147.809.280 octets libres
Après-CF: 254.170.431.488 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=4 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 6A9D452273B45F2C57B9B8B1393A7562
A voir également:
- Windows security alert
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Clé windows 8 - Guide
- Montage video gratuit windows - Guide
- Windows ne démarre pas - Guide
- Windows movie maker - Télécharger - Montage & Édition
1 réponse
salut :
▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis l'option "L" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis l'option "L" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
