12 replies
Anonymous user
2 April 2010 at 12:51
Go to Run, then type msconfig, click the "Startup" tab and uncheck the programs you don't need.
Then, what is your PC? What brand? Which operating system?
Also uninstall the programs you don't use.
Do a full scan with Avira AntiVir Personal Free ;)
Anonymous user
2 April 2010 at 20:07
OK, so do a full scan with Avira AntiVir Premium Security Suite (the demo version, as you'd expect ;)
https://www.01net.com/telecharger/
When the scan is finished, click "Report", copy the report and paste it into your reply.
Anonymous user
2 April 2010 at 20:11
Good evening evrion
Could you post your ComboFix report please?
If you haven't deleted it, you can find it here:
C:\ComboFix.txt
See you later
Here it is:
ComboFix 10-03-26.02 - Administrateur 27/03/2010 17:14:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.215 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur.LSDBOT-II\Bureau\ccm.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-343818398-1614895754-839522115-500
c:\recycler\S-1-5-21-842925246-162531612-839522115-1003
c:\windows\Mafia
c:\windows\Mafia \uninstall.exe
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\msconfig.exe
c:\windows\twain_16.dll
F:\Autorun.inf
----- BITS: Il y a peut-être des sites infectés -----
hxxp://designer.extrafilm.be
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-27 au 2010-03-27 ))))))))))))))))))))))))))))))))))))
.
2010-03-26 13:34 . 2010-03-26 13:34 -------- d-----w- c:\program files\CCleaner
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 18:37 . 2010-03-23 18:37 -------- d-----w- c:\program files\Enigma Software Group
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-03-04 19:30 . 2010-03-04 19:30 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-03-04 19:30 . 2010-03-04 19:30 23680 ----a-w- c:\windows\system32\drivers\fnettboh.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\program files\UsbBoost
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 13:37 . 2005-06-10 11:39 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-03-26 13:37 . 2005-11-02 10:49 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Azureus
2010-03-23 18:32 . 2009-05-31 20:52 -------- d-----w- c:\program files\UltraStar Deluxe
2010-03-23 17:33 . 2010-03-23 17:33 12 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\jasltw.dat
2010-03-19 23:54 . 2005-01-12 20:11 -------- d-----w- c:\program files\FlashGet
2010-02-09 18:57 . 2005-10-28 21:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Messenger Plus!
2010-02-09 18:54 . 2007-09-19 19:25 -------- d-----w- c:\program files\Messenger Plus! Live
2005-09-19 11:39 . 2004-11-09 19:13 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2004-07-03 19:09 . 2004-10-25 18:20 140800 ----a-w- c:\program files\mozilla firefox\plugins\al2np.dll
.
------- Sigcheck -------
[-] 2004-09-08 . 14E7219CFCEE54E12127A95FD16E3EC2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-11 . 0E32CA931DB10F6852EE25C7CCD4D8BF . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\regsvc.dll ... manque !!
c:\windows\System32\ssdpsrv.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2001-08-28 77824]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-03-04 3788800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users.WINDOWS\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Administrateur.LSDBOT-II\\Bureau\\wiideocenter\\Wiideo Center.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"12881:TCP"= 12881:TCP:BitComet 12881 TCP
"12881:UDP"= 12881:UDP:BitComet 12881 UDP
"21:TCP"= 21:TCP:BitComet 21 TCP
"21:UDP"= 21:UDP:BitComet 21 UDP
"13971:TCP"= 13971:TCP:BitComet 13971 TCP
"13971:UDP"= 13971:UDP:BitComet 13971 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/2008 15:33 114768]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [04/03/2010 20:30 7936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/2008 15:33 20560]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [13/11/2005 10:54 48928]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2005 22:18 664064]
.
Contenu du dossier 'Tâches planifiées'
2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Examen supplémentaire -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associations de fichier -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-41794328 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\41794328\41794328.exe
AddRemove-4Musics Multiformat Converter v1.5 - c:\progra~1\4Musics Multiformat Converter\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 17:19
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2010-03-27 17:21:12
ComboFix-quarantined-files.txt 2010-03-27 16:21
Avant-CF: 5 309 657 088 octets libres
Après-CF: 5 353 168 896 octets libres
- - End Of File - - 398BD985E472394EF16FF7F0B3E411AA
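The report above lists every registry Run key, the firewall's authorized applications and its globally open ports, and a helper's first pass over it is to pick out autostart entries that run from user-writable locations or carry a recent file date, and open ports that sit on well-known service numbers. The following Python is an added example written for this thread, not a tool from ComboFix or from any poster: it parses lines in the shape of the "Points de chargement Reg" section and applies those two triage rules. The sample text is constructed from a few entries in the same format as the report; the "updater" entry and its path are invented to exercise the user-writable rule, and the cut-off date and port table are assumptions for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "Points de chargement Reg"
# section and firewall lists. The "updater" entry and its path are invented
# for this demonstration; they do not appear in the report above.
SAMPLE_REPORT = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-03-04 3788800]
"updater"="c:\documents and settings\user\Application Data\svc\upd.exe" [2010-03-23 12288]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"21:TCP"= 21:TCP:BitComet 21 TCP
"""

# A bracketed line opens a new registry key; values belong to the last key seen.
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="path" [YYYY-MM-DD size]  as ComboFix prints Run/RunOnce values.
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# "port:PROTO"= port:PROTO:label  as printed for GloballyOpenPorts.
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: str   # ISO date string, so plain string comparison orders correctly
    size: int


@dataclass
class OpenPort:
    port: int
    proto: str
    label: str


def parse_report(text):
    """Return (autostart entries, open ports) found in a ComboFix-style text."""
    current_key = None
    entries, ports = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        if current_key is None:
            continue
        key_lower = current_key.lower()
        m = RUN_VALUE_RE.match(line)
        if m and key_lower.split('\\')[-1] in ('run', 'runonce'):
            entries.append(AutostartEntry(current_key, m.group('name'), m.group('path'),
                                          m.group('date'), int(m.group('size'))))
            continue
        m = PORT_RE.match(line)
        if m and 'globallyopenports' in key_lower:
            ports.append(OpenPort(int(m.group('port')), m.group('proto'), m.group('label')))
    return entries, ports


# Assumed triage heuristics: locations a standard user can write to, and a short
# table of well-known service ports that rarely belong in a home firewall's open list.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\application data\\', '\\temp\\', '\\recycler\\')
WELL_KNOWN_PORTS = {21: 'ftp', 25: 'smtp', 135: 'rpc', 139: 'netbios', 445: 'smb', 3389: 'rdp'}


def triage_autostart(entries, newer_than='2010-03-01'):
    """List (name, reasons) for entries worth a second look; newer_than is an assumed cut-off."""
    findings = []
    for e in entries:
        reasons = []
        path = e.path.lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            reasons.append('runs from a user-writable location')
        if e.date >= newer_than:
            reasons.append(f'binary dated {e.date}, newer than {newer_than}')
        if reasons:
            findings.append((e.name, reasons))
    return findings


def triage_ports(ports):
    """List (port, proto, service) for globally open ports on well-known service numbers."""
    return [(p.port, p.proto, WELL_KNOWN_PORTS[p.port]) for p in ports if p.port in WELL_KNOWN_PORTS]


if __name__ == '__main__':
    found_entries, found_ports = parse_report(SAMPLE_REPORT)
    for name, reasons in triage_autostart(found_entries):
        print(f'{name}: {"; ".join(reasons)}')
    for port, proto, service in triage_ports(found_ports):
        print(f'open {port}/{proto} ({service}) exposed to the network')
```

On the sample, UsbBoost is flagged only for its recent date (the report itself shows it installed on 2010-03-04, the same day as the two FNET drivers), the invented "updater" entry is flagged twice, and 21/TCP is reported as an FTP port held open for BitComet. The date rule is deliberately coarse: it surfaces what changed around the time the slowness started, which is what a helper reading these reports looks at first.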
Anonymous user
3 April 2010 at 08:57
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
==> That means ComboFix ran in "reduced functionality" mode.
--> Run the tool again, install that console when it asks you to, and paste the report please...
See you later
I'm back!
I couldn't reply sooner, sorry.
So I re-ran ComboFix and here is the report:
ComboFix 10-04-17.05 - Administrateur 18/04/2010 12:17:54.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.179 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur.LSDBOT-II\Bureau\ccm.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\BITS
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\BITS\BITS.ini
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\BITS\DHTTable.dat
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\BITS\ProxyList.ini
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\BITS\UPnP.ini
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_33665566.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4-L.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_duoyukunshou112.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_fenshouxin121.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_logo.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_Nona33me.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_Nona55me.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1271314662.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
c:\program files\FlashGet Network\FlashGet 3\p2score.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\system32\secustat.dat
c:\windows\system32\dbghlp.dll . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-18 au 2010-04-18 ))))))))))))))))))))))))))))))))))))
.
2010-04-02 08:45 . 2010-04-02 08:45 503808 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\msvcp71.dll
2010-04-02 08:45 . 2010-04-02 08:45 499712 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\jmc.dll
2010-04-02 08:45 . 2010-04-02 08:45 348160 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\msvcr71.dll
2010-04-02 08:45 . 2010-04-02 08:45 61440 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-666a9fe3-n\decora-sse.dll
2010-04-02 08:45 . 2010-04-02 08:45 12800 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-666a9fe3-n\decora-d3d.dll
2010-03-31 19:00 . 2009-04-09 13:03 57407 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2010-03-31 19:00 . 2010-04-16 19:42 4407 ----a-w- c:\windows\system32\secushr.dat
2010-03-31 18:59 . 2010-03-31 18:59 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGet
2010-03-27 17:14 . 2010-03-27 17:16 -------- d-----w- C:\ccm
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\system32\xircom
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\srchasst
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\program files\microsoft frontpage
2010-03-26 13:34 . 2010-03-26 13:34 -------- d-----w- c:\program files\CCleaner
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 18:37 . 2010-03-23 18:37 -------- d-----w- c:\program files\Enigma Software Group
The rest:
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 10:12 . 2007-02-06 17:42 -------- d-----w- c:\program files\SuperCopier2
2010-04-02 08:46 . 2004-10-25 18:19 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-02 08:45 . 2004-10-25 18:19 -------- d-----w- c:\program files\Java
2010-04-02 06:49 . 2005-01-12 20:11 -------- d-----w- c:\program files\FlashGet
2010-03-31 13:56 . 2001-08-28 14:00 86282 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 13:56 . 2001-08-28 14:00 512928 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 13:37 . 2005-06-10 11:39 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-03-26 13:37 . 2005-11-02 10:49 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Azureus
2010-03-23 18:32 . 2009-05-31 20:52 -------- d-----w- c:\program files\UltraStar Deluxe
2010-03-23 17:33 . 2010-03-23 17:33 12 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\jasltw.dat
2010-03-09 02:28 . 2008-12-17 18:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-03-04 19:30 . 2010-03-04 19:30 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-03-04 19:30 . 2010-03-04 19:30 23680 ----a-w- c:\windows\system32\drivers\fnettboh.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\program files\UsbBoost
2005-09-19 11:39 . 2004-11-09 19:13 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2004-07-03 19:09 . 2004-10-25 18:20 140800 ----a-w- c:\program files\mozilla firefox\plugins\al2np.dll
.
------- Sigcheck -------
[-] 2004-09-08 . 14E7219CFCEE54E12127A95FD16E3EC2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-11 . 0E32CA931DB10F6852EE25C7CCD4D8BF . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\regsvc.dll ... manque !!
c:\windows\System32\ssdpsrv.dll ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2010-03-27_16.19.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-18 09:59 . 2010-04-18 09:59 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2010-04-18 09:59 . 2010-04-18 09:59 16384 c:\windows\Temp\Perflib_Perfdata_31c.dat
+ 2001-08-28 14:00 . 2010-03-31 13:56 72138 c:\windows\system32\perfc009.dat
- 2001-08-28 14:00 . 2009-10-25 10:26 72138 c:\windows\system32\perfc009.dat
+ 2005-10-29 13:42 . 2004-09-08 17:42 26496 c:\windows\system32\drivers\USBSTOR.SYS
- 2005-10-29 13:42 . 2004-09-08 18:42 26496 c:\windows\system32\drivers\usbstor.sys
+ 2004-08-03 20:59 . 2004-09-08 17:41 36352 c:\windows\system32\drivers\disk.sys
- 2004-08-03 20:59 . 2004-09-08 18:41 36352 c:\windows\system32\drivers\disk.sys
- 2001-08-28 14:00 . 2009-10-25 10:26 443358 c:\windows\system32\perfh009.dat
+ 2001-08-28 14:00 . 2010-03-31 13:56 443358 c:\windows\system32\perfh009.dat
+ 2010-04-02 08:45 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe
+ 2010-04-02 08:45 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe
- 2009-10-16 16:42 . 2009-07-25 03:23 145184 c:\windows\system32\javaw.exe
- 2009-10-16 16:42 . 2009-07-25 03:23 145184 c:\windows\system32\java.exe
+ 2010-04-02 08:45 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe
+ 2010-04-02 08:46 . 2010-04-02 08:46 180224 c:\windows\Installer\6a0cdf.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2001-08-28 77824]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-23 198160]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-03-04 3788800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users.WINDOWS\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Administrateur.LSDBOT-II\\Bureau\\wiideocenter\\Wiideo Center.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"12881:TCP"= 12881:TCP:BitComet 12881 TCP
"12881:UDP"= 12881:UDP:BitComet 12881 UDP
"21:TCP"= 21:TCP:BitComet 21 TCP
"21:UDP"= 21:UDP:BitComet 21 UDP
"13971:TCP"= 13971:TCP:BitComet 13971 TCP
"13971:UDP"= 13971:UDP:BitComet 13971 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/2008 16:33 114768]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [04/03/2010 21:30 7936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/2008 16:33 20560]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [13/11/2005 11:54 48928]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2005 23:18 664064]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Examen supplémentaire -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all by FlashGet3 - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associations de fichier -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 12:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1.LSD\LOCALS~1\Temp\mc2A.tmp"
.
Heure de fin: 2010-04-18 12:27:06
ComboFix-quarantined-files.txt 2010-04-18 10:27
ComboFix2.txt 2010-03-27 17:25
ComboFix3.txt 2010-03-27 16:21
Avant-CF: 4 695 822 336 octets libres
Après-CF: 4 655 329 280 octets libres
- - End Of File - - 838BE32398FB41A3DE605DC5E35DB100
Thanks again for your help!
Anonymous user
18 April 2010 at 20:50
Reading your scan, there is still quite a lot of junk on your PC.
However, some points are a problem for me!
==> So I am going to ask for various opinions in order to give you a suitable answer....
Sorry, but this will take a little time..... So please be patient....
PS: Rest assured that you will get an answer.
Later
Anonymous user
18 April 2010 at 21:44
Re
|==>/!\ WARNING /!\ The script that follows was written specifically for this computer /!\<==|
|===========>it is strongly advised not to transfer it to another computer!<==========|
-----------------------------------------------------------------------------------------------
Still with all protections disabled, do this:
* Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
* Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
FCopy::
C:\WINDOWS\system32\dllcache\wscntfy.exe | c:\windows\System32\wscntfy.exe
-----------------------------------------------------------------
* Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
* Close Notepad
* Drag and drop this CFScript file onto the C-Fix.exe file (combofix) as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
* Wait for the scan to finish. The Desktop will disappear several times: that is normal! Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt
Later
Anonymous user
18 April 2010 at 22:28
There you go.. always trying to do better....
you have to try things in life ;-)
here is the report:
ComboFix 10-04-18.04 - Administrateur 19/04/2010 17:26:16.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.193 [GMT 2:00]
Launched from: c:\documents and settings\Administrateur.LSDBOT-II\Bureau\ccm.exe
Switches used :: c:\documents and settings\Administrateur.LSDBOT-II\Bureau\CFScript.txt
.
((((((((((((((((((((((((((((( Files created from 2010-03-19 to 2010-04-19 ))))))))))))))))))))))))))))))))))))
.
2010-04-02 08:45 . 2010-04-02 08:45 503808 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\msvcp71.dll
2010-04-02 08:45 . 2010-04-02 08:45 499712 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\jmc.dll
2010-04-02 08:45 . 2010-04-02 08:45 348160 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a5c709c-n\msvcr71.dll
2010-04-02 08:45 . 2010-04-02 08:45 61440 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-666a9fe3-n\decora-sse.dll
2010-04-02 08:45 . 2010-04-02 08:45 12800 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-666a9fe3-n\decora-d3d.dll
2010-03-31 19:00 . 2009-04-09 13:03 57407 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2010-03-31 19:00 . 2010-04-16 19:42 4407 ----a-w- c:\windows\system32\secushr.dat
2010-03-31 18:59 . 2010-03-31 18:59 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGet
2010-03-27 17:14 . 2010-03-27 17:16 -------- d-----w- C:\ccm
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\system32\xircom
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\windows\srchasst
2010-03-27 16:51 . 2010-03-27 16:51 -------- d-----w- c:\program files\microsoft frontpage
2010-03-26 13:34 . 2010-03-26 13:34 -------- d-----w- c:\program files\CCleaner
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 18:45 . 2010-03-23 18:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-23 18:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 18:37 . 2010-03-23 18:37 -------- d-----w- c:\program files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 10:38 . 2007-02-06 17:42 -------- d-----w- c:\program files\SuperCopier2
2010-04-02 08:46 . 2004-10-25 18:19 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-02 08:45 . 2004-10-25 18:19 -------- d-----w- c:\program files\Java
2010-04-02 06:49 . 2005-01-12 20:11 -------- d-----w- c:\program files\FlashGet
2010-03-31 13:56 . 2001-08-28 14:00 86282 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 13:56 . 2001-08-28 14:00 512928 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 13:37 . 2005-06-10 11:39 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-03-26 13:37 . 2005-11-02 10:49 -------- d-----w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Azureus
2010-03-23 18:32 . 2009-05-31 20:52 -------- d-----w- c:\program files\UltraStar Deluxe
2010-03-23 17:33 . 2010-03-23 17:33 12 ----a-w- c:\documents and settings\Administrateur.LSDBOT-II\Application Data\jasltw.dat
2010-03-09 02:28 . 2008-12-17 18:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-03-04 19:30 . 2010-03-04 19:30 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-03-04 19:30 . 2010-03-04 19:30 23680 ----a-w- c:\windows\system32\drivers\fnettboh.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\program files\UsbBoost
2005-09-19 11:39 . 2004-11-09 19:13 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2004-07-03 19:09 . 2004-10-25 18:20 140800 ----a-w- c:\program files\mozilla firefox\plugins\al2np.dll
.
------- Sigcheck -------
[-] 2004-09-08 . 14E7219CFCEE54E12127A95FD16E3EC2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-11 . 0E32CA931DB10F6852EE25C7CCD4D8BF . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
c:\windows\System32\wscntfy.exe ... missing !!
c:\windows\System32\regsvc.dll ... missing !!
c:\windows\System32\ssdpsrv.dll ... missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-03-27_16.19.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-19 15:15 . 2010-04-19 15:15 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2010-04-19 15:15 . 2010-04-19 15:15 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2001-08-28 14:00 . 2010-03-31 13:56 72138 c:\windows\system32\perfc009.dat
- 2001-08-28 14:00 . 2009-10-25 10:26 72138 c:\windows\system32\perfc009.dat
+ 2005-10-29 13:42 . 2004-09-08 17:42 26496 c:\windows\system32\drivers\USBSTOR.SYS
- 2005-10-29 13:42 . 2004-09-08 18:42 26496 c:\windows\system32\drivers\usbstor.sys
+ 2004-08-03 20:59 . 2004-09-08 17:41 36352 c:\windows\system32\drivers\disk.sys
- 2004-08-03 20:59 . 2004-09-08 18:41 36352 c:\windows\system32\drivers\disk.sys
- 2001-08-28 14:00 . 2009-10-25 10:26 443358 c:\windows\system32\perfh009.dat
+ 2001-08-28 14:00 . 2010-03-31 13:56 443358 c:\windows\system32\perfh009.dat
+ 2010-04-02 08:45 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe
+ 2010-04-02 08:45 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe
- 2009-10-16 16:42 . 2009-07-25 03:23 145184 c:\windows\system32\javaw.exe
- 2009-10-16 16:42 . 2009-07-25 03:23 145184 c:\windows\system32\java.exe
+ 2010-04-02 08:45 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe
+ 2010-04-02 08:46 . 2010-04-02 08:46 180224 c:\windows\Installer\6a0cdf.msi
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2001-08-28 77824]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-28 737360]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-23 198160]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-03-04 3788800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Administrateur.LSDBOT-II\\Bureau\\wiideocenter\\Wiideo Center.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"12881:TCP"= 12881:TCP:BitComet 12881 TCP
"12881:UDP"= 12881:UDP:BitComet 12881 UDP
"21:TCP"= 21:TCP:BitComet 21 TCP
"21:UDP"= 21:UDP:BitComet 21 UDP
"13971:TCP"= 13971:TCP:BitComet 13971 TCP
"13971:UDP"= 13971:UDP:BitComet 13971 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/2008 16:33 114768]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [04/03/2010 21:30 7936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/2008 16:33 20560]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [13/11/2005 11:54 48928]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2005 23:18 664064]
--- Other services/drivers in memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Additional scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all by FlashGet3 - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\documents and settings\Administrateur.LSDBOT-II\Application Data\Mozilla\Firefox\Profiles\apntqwd0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 17:31
Windows 5.1.2600 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1.LSD\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'explorer.exe'(2388)
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
End time: 2010-04-19 17:33:43
ComboFix-quarantined-files.txt 2010-04-19 15:33
ComboFix2.txt 2010-04-18 10:27
ComboFix3.txt 2010-03-27 17:25
ComboFix4.txt 2010-03-27 16:21
Before-CF: 4 629 716 992 bytes free
After-CF: 4 601 233 408 bytes free
- - End Of File - - 1D164F60D563CDFF99B57A6D349E45D2
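Added example, not code from this thread, from the helper, or from ComboFix: a small Python triage of a ComboFix report, covering the entries the helper reacts to above (Sigcheck "[-]" and missing-file lines, firewall GloballyOpenPorts, the IE Trusted Zone entry, a service whose ImagePath lives under a Temp directory) and, for the missing files, the `FCopy::` source | destination syntax used in the CFScript post. The sample lines are copied from the report posted above; the "manque !!" marker is the French build's wording. The port threshold (below 1024) and the assumption that a pristine copy of each missing file sits in dllcache are this example's own choices, not anything the thread established.

```python
"""Triage a ComboFix report for the indicators a helper reads first.

Added example: not code from the thread, the helper, or ComboFix. It assumes
ComboFix's plain-text layout (French build, hence the "manque !!" marker) and
uses lines copied from the report posted above as a constructed sample.
"""
import re

# Constructed sample: fragments of the posted report, nothing else.
SAMPLE_REPORT = r"""
------- Sigcheck -------
[-] 2004-09-08 . 14E7219CFCEE54E12127A95FD16E3EC2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-11 . 0E32CA931DB10F6852EE25C7CCD4D8BF . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\regsvc.dll ... manque !!
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"21:TCP"= 21:TCP:BitComet 21 TCP
"21:UDP"= 21:UDP:BitComet 21 UDP
Trusted Zone: kuaiche.com\software
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1.LSD\LOCALS~1\Temp\mc22.tmp"
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
IMAGE_PATH_RE = re.compile(r'^"ImagePath"="(.+)"$')


def triage(report):
    """Return (category, detail) pairs in report order."""
    findings = []
    current_service = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Sigcheck: "[-]" marks a system file whose signature/hash did not verify.
        if line.startswith("[-]"):
            m = PATH_RE.search(line)
            if m:
                findings.append(("unsigned-or-modified", m.group(0).strip()))
            continue
        # Sigcheck: a system file absent from its expected location.
        if line.endswith("manque !!") or line.endswith("missing !!"):
            findings.append(("missing-system-file", line.split(" ...")[0].strip()))
            continue
        # Firewall exceptions: an inbound hole on a well-known port (<1024, our threshold)
        # is worth a question, whatever program label it carries.
        m = PORT_RE.match(line)
        if m:
            port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
            if port < 1024:
                findings.append(("privileged-port-open", f"{port}/{proto} ({label})"))
            continue
        # IE Trusted Zone: sites listed here run with relaxed browser security.
        if line.startswith("Trusted Zone:"):
            findings.append(("trusted-zone", line.split(":", 1)[1].strip()))
            continue
        # Services: remember the key, then flag an ImagePath under a Temp directory.
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_service = m.group(1)
            continue
        m = IMAGE_PATH_RE.match(line)
        if m and current_service and re.search(r"\\temp\\", m.group(1), re.I):
            findings.append(("driver-in-temp", f"{current_service} -> {m.group(1)}"))
    return findings


def fcopy_directives(findings, dllcache=r"C:\WINDOWS\system32\dllcache"):
    """Render the missing-file findings in the CFScript FCopy:: syntax the helper
    used (source | destination). Assumption of this example: a pristine copy of
    each file sits in dllcache, as the helper assumed for wscntfy.exe. Which files
    to restore remains a human decision; the thread warns the script is per-machine."""
    lines = ["FCopy::"]
    for category, path in findings:
        if category == "missing-system-file":
            name = path.rsplit("\\", 1)[-1]
            lines.append(f"{dllcache}\\{name} | {path}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for category, detail in found:
        print(f"{category:24} {detail}")
    print(fcopy_directives(found))
```

Feed it the full report text instead of SAMPLE_REPORT to triage a real log; the categories are deliberately descriptive rather than verdicts, since a "[-]" on tcpip.sys or a driver under Temp is a lead to check against a known-good copy, not proof of infection.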
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 17:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1.LSD\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2388)
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
Heure de fin: 2010-04-19 17:33:43
ComboFix-quarantined-files.txt 2010-04-19 15:33
ComboFix2.txt 2010-04-18 10:27
ComboFix3.txt 2010-03-27 17:25
ComboFix4.txt 2010-03-27 16:21
Avant-CF: 4 629 716 992 octets libres
Après-CF: 4 601 233 408 octets libres
- - End Of File - - 1D164F60D563CDFF99B57A6D349E45D2
Anonymous user
19 April 2010 at 20:44
Your system is damaged!!!
Two solutions:
Either you format and lose everything...
Or you try to repair it:
http://www.vista-xp.fr/forum/topic211.html
See you
Anonymous user
19 April 2010 at 21:04
Read this tutorial carefully: http://www.vista-xp.fr/forum/topic211.html and especially the very last lines, and you will see
that with this method you will not lose your data!
See you
Anonymous user
19 April 2010 at 22:15
Chances are it won't... since the purpose of a rootkit is to modify your system by exploiting a vulnerability or a malicious program, repairing it will remove it (well... normally!!!!)
See you
2 April 2010 at 13:20
My PC is a self-built machine, running XP (it's noted in the log...)
and as I said before, I'm not going to uninstall things when everything was working fine before...
2 April 2010 at 20:03