PC is pitifully slow
bastien
Hello,
My PC is appallingly slow.
Could you tell me what is wrong?
Thanks in advance for your help.
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:37, on 01/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
https://support.microsoft.com/fr-fr/help/932520/on-a-windows-vista-based-computer-or-on-a-windows-server-2008-based-co
so disregard it... and so there is no explanation for the PC's slowness
..............
/!\ You absolutely must disable all your protection software to use this program /!\
- Download: Gmer (by Przemyslaw Gmerek)
http://www.gmer.net/
- Unzip gmer, click the Rootkit tab and launch the scan; red lines will appear.
- Red lines indicate the presence of a rootkit. Post me the gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it to me).
Here is the report.
It is so long that I couldn't paste it here:
http://www.cijoint.fr/cjlink.php?file=cj201006/cijgvRdu08.doc
Warning: before starting, read the procedure carefully and print it.
Usage guide
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and DISABLE ALL DEFENSES, antivirus and antispyware included /!\
---> Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept.
ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, temporarily reconnect to the internet)
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.
Don't touch anything (mouse, keyboard) until the scan is finished, or you risk crashing your PC.
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents.
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report is also located at C:\ComboFix.txt
Good evening MdG,
ComboFix 10-06-06.01 - Dung 06/06/2010 21:25:25.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3036.1645 [GMT 2:00]
Lancé depuis: c:\users\Dung\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Dung\eMule0.49c-Installer.exe
c:\users\Dung\install_www--1421-eMule.exe
c:\users\Dung\OOo_3.1.0_Win32Intel_install_wJRE_fr.exe
c:\users\Dung\unlocker1.8.7.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-06 au 2010-06-06 ))))))))))))))))))))))))))))))))))))
.
2010-06-06 19:47 . 2010-06-06 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-03 21:53 . 2010-06-03 21:53 -------- d-----w- c:\programdata\WindowsSearch
2010-06-03 20:35 . 2010-06-03 20:35 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel Corporation
2010-06-03 20:14 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-03 20:13 . 2010-03-03 17:33 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-03 20:09 . 2010-06-03 20:09 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Cisco
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Common Files\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\programdata\Intel
2010-06-03 03:28 . 2010-06-03 03:28 107680 ----a-w- c:\users\Dung\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 19:15 . 2010-06-02 17:21 -------- d-----w- C:\Kill'em
2010-06-01 19:15 . 2010-06-03 03:27 -------- d-----w- c:\program files\List_Kill'em
2010-06-01 18:23 . 2010-06-01 18:26 -------- d-----w- c:\program files\ZHPDiag
2010-06-01 17:51 . 2010-05-07 16:07 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-01 17:51 . 2010-05-07 16:01 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-06-01 17:51 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-01 17:50 . 2010-06-01 17:50 -------- d-----w- c:\users\Dung\AppData\Roaming\TuneUp Software
2010-06-01 17:50 . 2010-06-01 17:51 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-01 17:48 . 2010-06-01 17:50 -------- d-----w- c:\programdata\TuneUp Software
2010-06-01 17:48 . 2010-06-01 17:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-31 22:00 . 2010-05-31 22:00 8463808 ----a-w- c:\users\Dung\AppData\Roaming\Azureus\tmp\AZU4094963735759562336.tmp\Vuze_4.4.0.4_win32.exe
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\users\Dung\AppData\Roaming\Yahoo!
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\programdata\Yahoo! Companion
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\program files\Yahoo!
2010-05-29 09:51 . 2010-05-29 09:51 -------- d-----w- c:\users\Dung\AppData\Roaming\MailFrontier
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 23:55 . 2010-05-28 23:55 16409960 ----a-w- c:\users\Dung\spybotsd162.exe
2010-05-28 23:55 . 2010-05-28 23:55 -------- d-----w- c:\users\Dung\AppData\Roaming\CheckPoint
2010-05-28 23:54 . 2010-05-28 23:54 -------- d-----w- c:\program files\CheckPoint
2010-05-28 23:54 . 2010-03-24 17:10 72584 ----a-w- c:\windows\zllsputility.exe
2010-05-28 23:54 . 2009-10-12 16:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-28 23:52 . 2010-03-24 17:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-28 23:52 . 2010-03-24 17:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-28 23:49 . 2010-05-28 23:49 137174408 ----a-w- c:\users\Dung\zaSuiteSetup_91_507_000_en.exe
2010-05-26 17:29 . 2010-05-26 17:29 -------- d-----w- c:\users\Dung\AppData\Roaming\Uniblue
2010-05-26 16:23 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 16:09 . 2010-05-20 16:49 -------- d-----w- c:\users\Dung\AdSigner
2010-05-14 15:03 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 12:24 . 2010-05-11 12:24 -------- d-----w- c:\users\Dung\AppData\Local\Ahead
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 17:46 . 2008-01-21 08:40 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-06 17:46 . 2008-01-21 08:40 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-03 23:12 . 2008-11-11 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-03 21:47 . 2010-06-03 21:47 1328343 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-03 21:37 . 2010-06-03 22:37 8704 ----a-w- c:\windows\Internet Logs\xDB872D.tmp
2010-06-03 21:36 . 2010-06-03 21:37 84992 ----a-w- c:\windows\Internet Logs\xDB86D0.tmp
2010-06-03 21:22 . 2010-06-03 21:23 444416 ----a-w- c:\windows\Internet Logs\xDB8643.tmp
2010-06-03 20:14 . 2008-11-11 04:44 -------- d-----w- c:\program files\Intel
2010-06-03 20:13 . 2008-11-11 04:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\program files\ma-config.com
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\programdata\ma-config.com
2010-06-03 05:00 . 2010-06-03 14:52 282624 ----a-w- c:\windows\Internet Logs\xDBA133.tmp
2010-06-02 17:18 . 2010-06-02 17:19 77312 ----a-w- c:\windows\Internet Logs\xDB8E2F.tmp
2010-06-02 04:58 . 2010-06-02 16:37 66048 ----a-w- c:\windows\Internet Logs\xDBA43F.tmp
2010-06-02 04:44 . 2010-06-02 04:45 712192 ----a-w- c:\windows\Internet Logs\xDB9051.tmp
2010-06-01 05:14 . 2009-10-07 18:02 -------- d-----w- c:\users\Dung\AppData\Roaming\Azureus
2010-05-31 22:37 . 2010-04-18 20:10 -------- d-----w- c:\users\Dung\AppData\Roaming\vlc
2010-05-31 22:00 . 2009-10-23 05:23 -------- d-----w- c:\program files\avi
2010-05-30 20:09 . 2010-05-31 05:46 2027520 ----a-w- c:\windows\Internet Logs\xDB9A7F.tmp
2010-05-28 23:56 . 2010-05-28 23:51 422036 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\program files\Zone Labs
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\programdata\CheckPoint
2010-05-27 19:16 . 2010-03-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:19 . 2010-03-25 22:41 -------- d-----w- c:\program files\Trend Micro
2010-05-25 22:25 . 2009-07-31 23:22 -------- d-----w- c:\program files\Autres
2010-05-19 10:56 . 2010-01-22 21:46 -------- d-----w- c:\users\Dung\AppData\Roaming\Winamp
2010-05-17 17:46 . 2009-07-31 19:57 64 ----a-w- c:\users\Dung\errorlog.tmp
2010-05-14 17:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-14 17:23 . 2008-11-11 04:58 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 22:16 . 2009-09-10 21:37 -------- d-----w- c:\program files\Freecorder
2010-04-29 13:39 . 2010-03-25 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-25 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 19:41 . 2010-04-18 19:00 -------- d-----w- c:\program files\WinFreeTV
2010-04-18 19:40 . 2010-04-18 18:49 -------- d-----w- c:\program files\adslTV
2010-04-18 19:07 . 2010-04-18 19:07 0 ----a-w- c:\windows\nsreg.dat
2010-04-18 07:51 . 2009-07-31 20:44 -------- d-----w- c:\program files\VideoLAN
2010-04-18 07:03 . 2010-04-18 06:52 -------- d-----w- c:\users\Dung\AppData\Roaming\Todae
2010-04-13 14:57 . 2009-07-30 21:16 -------- d-----w- c:\program files\Google
2010-03-25 22:41 . 2010-03-25 22:41 812344 ----a-w- c:\program files\HJTInstall.exe
2010-03-24 17:10 . 2010-05-28 23:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-24 08:36 . 2010-05-28 23:51 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-02-22 21:29 . 2010-02-22 21:29 8874432 ----a-w- c:\program files\Vuze_4.3.1.4_windows.exe
2010-01-22 21:45 . 2010-01-22 21:45 11220448 ----a-w- c:\program files\winamp5572_full_emusic-7plus_fr-fr.exe
2010-01-02 23:28 . 2010-01-02 23:28 1443065 ----a-w- c:\program files\wrar390fr.exe
2010-01-02 23:23 . 2010-01-02 23:22 1056829 ----a-w- c:\program files\vistazip.zip
2009-10-07 18:01 . 2009-10-07 18:01 10628544 ----a-w- c:\program files\Vuze_4.2.0.8a_windows.exe
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1041704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-18 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-18 178712]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-07-03 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-03-16 730480]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-04-28 16:16 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9a,6c,4c,9d,ea,36,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1881811670-3986954646-902301592-1000]
"EnableNotificationsRef"=dword:00000002
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-05-11 271728]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover125.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-01 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-03-16 26232]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-03-16 488816]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-11-14 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-11-14 54784]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Dung\AppData\Roaming\Mozilla\Firefox\Profiles\z9dv828s.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 21:48
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Dung\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1881811670-3986954646-902301592-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,e0,75,5c,c8,8b,ef,31,68,2b,cc,29,c1,c4,79,33,ed,8a,92,99,72,
26,66,bf,f3,09,b0,d3,64,67,b0,73,99,f2,02,de,3f,2a,0a,86,2b,b2,86,42,3a,c4,\
"rkeysecu"=hex:f9,12,84,6b,b2,d7,ab,d1,2b,ac,b2,71,6a,cd,f0,18
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'lsass.exe'(732)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-06-06 21:55:27
ComboFix-quarantined-files.txt 2010-06-06 19:55
Pre-Run: 257 101 209 600 bytes free
Post-Run: 257 088 065 536 bytes free
- - End Of File - - E568E8AE48DB84301A5543511358CEC8
1)
Do you actually have ZoneAlarm on your PC?
Badly configured or badly installed, it can be a big brake on your internet connection.
2)
Go to this site:
https://www.virustotal.com/gui/
Click "Browse" and look for this file:
c:\programdata\BarDiscover\bardiscover125.exe
Click "Send File".
A report will build up line by line.
Wait for it to finish. It must include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
If you cannot find the file, then
show all files and folders:
To do so:
Click Start / Control Panel / Folder Options / View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Untick "Hide extensions for known file types"
Then click "Apply" to validate the changes
and OK.
Tutorial to help you:
http://www.bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Download SEAF (by C__XX) to your desktop:
here http://pagesperso-orange.fr/NosTools/C_XX/SEAF.exe
* Double-click "SEAF.exe" (right-click and "Run as administrator" on Vista / 7) to launch the tool.
* In the white box "Enter below..." copy/paste this:
bardiscover125.exe
* Under "file options", make the following settings:
> For "Compute checksum", choose: MD5
> Tick the box in front of "Additional info."
> Tick the box in front of "Show ADS"
* Under "registry options":
> tick "also search the registry"
(do not touch any other setting)
* Click "Start search" and let the tool work ...
(this can take more or less time depending on the case).
--> Once finished, a window with a .txt log will open. Save this report somewhere you can find it easily (on the desktop, for example). Otherwise it will also be saved at the root of your hard drive (here > C:\SEAFLog.txt)
========================= SEAF 1.0.0.7 - C_XX

Started at: 23:46:09 on 06/06/2010

Search value(s):

bardiscover125.exe

(!) --- Computing "MD5" hash
(!) --- Showing ADS
(!) --- Additional information
(!) --- Registry search

====== File(s) (TC: creation time, TM: modification time, DA: last access) ======

No file found

====== Folder(s) (TC: creation time, TM: modification time, DA: last access) ======

No folder found

====== Registry entry(ies) ======

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BarDiscover Service]
"ImagePath"=""C:\ProgramData\BarDiscover\bardiscover125.exe" "C:\Program Files\BarDiscover\bardiscover.dll" vxvawuskx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BarDiscover Service]
"ImagePath"=""C:\ProgramData\BarDiscover\bardiscover125.exe" "C:\Program Files\BarDiscover\bardiscover.dll" vxvawuskx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BarDiscover Service]
"ImagePath"=""C:\ProgramData\BarDiscover\bardiscover125.exe" "C:\Program Files\BarDiscover\bardiscover.dll" vxvawuskx"

=========================

Ended at: 23:51:25 on 06/06/2010 ( E.O.F )
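The VirusTotal step and the SEAF step above both come down to the same question: what is bardiscover125.exe, where does its service entry point, and is the file still on disk? The following Python is an added example written for this thread; it is not code from the thread, from ComboFix, SEAF or VirusTotal. It parses the ComboFix service line and the registry ImagePath that SEAF found (both copied from the posts above), applies the checks an analyst runs before a service entry is removed, and hashes the file when it is present so the SHA-256 can be looked up on VirusTotal instead of uploading the sample. The function names, the indicator wording and the heuristics are this example's own assumptions.

```python
"""Triage of a suspicious Windows service from ComboFix and SEAF output.

Added example for this thread; it is not part of ComboFix, SEAF, VirusTotal or
the original posts. The two log lines below (COMBOFIX_LINE, IMAGE_PATH) are
copied from the thread; function names, indicator wording and the hash helper
are this example's own.
"""
import hashlib
import os
import re
from typing import Dict, List, Optional

# Lines copied from the thread.
COMBOFIX_LINE = ("R4 BarDiscover Service;BarDiscover Service;"
                 "c:\\programdata\\BarDiscover\\bardiscover125.exe [x]")
IMAGE_PATH = ('"C:\\ProgramData\\BarDiscover\\bardiscover125.exe" '
              '"C:\\Program Files\\BarDiscover\\bardiscover.dll" vxvawuskx')

# ComboFix service line: <R|S><Start> <name>;<display name>;<path> [<date> <size>]
# The trailing bracket holds "x" when ComboFix cannot find the file on disk.
_CF_SERVICE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# Windows service "Start" registry value.
_START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
_QUOTED_OR_BARE = re.compile(r'"([^"]*)"|(\S+)')
# Directories any local user can write to; a legitimate service seldom lives there.
_USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")


def parse_combofix_service(line: str) -> Dict[str, object]:
    """Turn one ComboFix service/driver line into a dict."""
    m = _CF_SERVICE.match(line.strip())
    if not m:
        raise ValueError(f"not a ComboFix service line: {line!r}")
    info = m["info"]
    missing = info == "x"
    return {
        "state": m["state"],                      # ComboFix's R/S prefix, kept verbatim
        "start_type": _START_TYPES[int(m["start"])],
        "name": m["name"],
        "display": m["display"].strip(),
        "path": m["path"],
        "missing": missing,
        "file_date": None if missing else info.split()[0],
        "file_size": None if missing else int(info.split()[1]),
    }


def split_image_path(value: str) -> List[str]:
    """Split a service ImagePath into executable and arguments, honouring quotes."""
    return [quoted or bare for quoted, bare in _QUOTED_OR_BARE.findall(value)]


def indicators(service: Dict[str, object], image_path: str) -> List[str]:
    """Cheap checks an analyst applies before deleting a service entry."""
    exe, *args = split_image_path(image_path)
    found: List[str] = []
    if any(d in exe.lower() for d in _USER_WRITABLE):
        found.append("service binary in a user-writable directory")
    if service["missing"]:
        found.append("binary not on disk at scan time (ComboFix [x])")
    if any(a.lower().endswith(".dll") for a in args):
        found.append("executable loads a DLL passed as argument")
    if any(re.fullmatch(r"[a-z]{6,}", a) for a in args):
        found.append("opaque lowercase argument (heuristic, looks generated)")
    return found


def digest_bytes(data: bytes) -> Dict[str, str]:
    """MD5 (what SEAF prints) and SHA-256 (what VirusTotal indexes), plus the
    VirusTotal page for that hash, so a lookup can replace an upload."""
    sha = hashlib.sha256(data).hexdigest()
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": sha,
            "virustotal": f"https://www.virustotal.com/gui/file/{sha}"}


def file_digests(path: str) -> Optional[Dict[str, str]]:
    """Digests of a file on disk, or None when it is absent (as on this PC)."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return digest_bytes(fh.read())


def triage(combofix_line: str = COMBOFIX_LINE,
           image_path: str = IMAGE_PATH) -> Dict[str, object]:
    """Combine the ComboFix line and the registry ImagePath into one verdict."""
    service = parse_combofix_service(combofix_line)
    exe, *args = split_image_path(image_path)
    return {**service, "exe": exe, "args": args,
            "indicators": indicators(service, image_path),
            "digests": file_digests(exe)}


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key:>12}: {value}")
```

On this PC the file is absent (SEAF found no file and ComboFix shows `[x]`), so `file_digests` returns None and the verdict rests on the registry entry alone: a service whose binary sits in ProgramData, loads a DLL named on its command line and takes an opaque token. That is the situation in which removing the service entry (the `Driver::` section of the CFScript below) is the right move, since there is no file left to hash or upload.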
/!\ WARNING /!\ The script that follows was written specifically for bastien; it cannot be transferred to another computer!
Create a new Notepad file on your desktop and name it CFScript
Copy this text into it and save it
KillAll::
Driver::
BarDiscover
* Disable your protection software
* Drag and drop this CFScript.txt file onto the Combofix.exe file (as in the following link)
http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
* Once the scan is complete, a report will open: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt
Good evening MdG,
how are you this evening?
---------------
ComboFix 10-06-06.01 - Dung 07/06/2010 22:04:07.3.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3036.1665 [GMT 2:00]
Lancé depuis: c:\users\Dung\Desktop\ComboFix.exe
Command switches used :: c:\users\Dung\Desktop\CFScript.txt.txt
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* A resident antivirus is active
.
((((((((((((((((((((((((((((( Files created from 2010-05-07 to 2010-06-07 ))))))))))))))))))))))))))))))))))))
.
2010-06-07 20:36 . 2010-06-07 20:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-07 20:36 . 2010-06-07 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-06 21:44 . 2010-06-06 21:51 -------- d-----w- c:\program files\SEAF
2010-06-06 21:40 . 2010-06-06 21:40 -------- d-----w- c:\programdata\Kaspersky SDK
2010-06-03 21:53 . 2010-06-03 21:53 -------- d-----w- c:\programdata\WindowsSearch
2010-06-03 20:35 . 2010-06-03 20:35 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel Corporation
2010-06-03 20:14 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-03 20:13 . 2010-03-03 17:33 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-03 20:09 . 2010-06-03 20:09 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Cisco
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Common Files\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\programdata\Intel
2010-06-03 03:28 . 2010-06-03 03:28 107680 ----a-w- c:\users\Dung\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 19:15 . 2010-06-02 17:21 -------- d-----w- C:\Kill'em
2010-06-01 18:23 . 2010-06-06 22:03 -------- d-----w- c:\program files\ZHPDiag
2010-06-01 17:50 . 2010-06-01 17:50 -------- d-----w- c:\users\Dung\AppData\Roaming\TuneUp Software
2010-06-01 17:48 . 2010-06-06 22:06 -------- d-----w- c:\programdata\TuneUp Software
2010-06-01 17:48 . 2010-06-01 17:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\users\Dung\AppData\Roaming\Yahoo!
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\programdata\Yahoo! Companion
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\program files\Yahoo!
2010-05-29 09:51 . 2010-05-29 09:51 -------- d-----w- c:\users\Dung\AppData\Roaming\MailFrontier
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 23:55 . 2010-05-28 23:55 16409960 ----a-w- c:\users\Dung\spybotsd162.exe
2010-05-28 23:55 . 2010-05-28 23:55 -------- d-----w- c:\users\Dung\AppData\Roaming\CheckPoint
2010-05-28 23:54 . 2010-05-28 23:54 -------- d-----w- c:\program files\CheckPoint
2010-05-28 23:54 . 2010-03-24 17:10 72584 ----a-w- c:\windows\zllsputility.exe
2010-05-28 23:54 . 2009-10-12 16:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-28 23:52 . 2010-03-24 17:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-28 23:52 . 2010-03-24 17:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-28 23:49 . 2010-05-28 23:49 137174408 ----a-w- c:\users\Dung\zaSuiteSetup_91_507_000_en.exe
2010-05-26 17:29 . 2010-05-26 17:29 -------- d-----w- c:\users\Dung\AppData\Roaming\Uniblue
2010-05-26 16:23 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 16:09 . 2010-05-20 16:49 -------- d-----w- c:\users\Dung\AdSigner
2010-05-14 15:03 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 12:24 . 2010-05-11 12:24 -------- d-----w- c:\users\Dung\AppData\Local\Ahead
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 20:36 . 2008-11-11 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-07 18:25 . 2008-01-21 08:40 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-07 18:25 . 2008-01-21 08:40 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-06 22:52 . 2010-04-18 20:10 -------- d-----w- c:\users\Dung\AppData\Roaming\vlc
2010-06-03 20:14 . 2008-11-11 04:44 -------- d-----w- c:\program files\Intel
2010-06-03 20:13 . 2008-11-11 04:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\program files\ma-config.com
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\programdata\ma-config.com
2010-06-01 05:14 . 2009-10-07 18:02 -------- d-----w- c:\users\Dung\AppData\Roaming\Azureus
2010-05-31 22:00 . 2009-10-23 05:23 -------- d-----w- c:\program files\avi
2010-05-31 22:00 . 2010-05-31 22:00 8463808 ----a-w- c:\users\Dung\AppData\Roaming\Azureus\tmp\AZU4094963735759562336.tmp\Vuze_4.4.0.4_win32.exe
2010-05-28 23:56 . 2010-05-28 23:51 422036 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\program files\Zone Labs
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\programdata\CheckPoint
2010-05-27 19:16 . 2010-03-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:19 . 2010-03-25 22:41 -------- d-----w- c:\program files\Trend Micro
2010-05-25 22:25 . 2009-07-31 23:22 -------- d-----w- c:\program files\Autres
2010-05-19 10:56 . 2010-01-22 21:46 -------- d-----w- c:\users\Dung\AppData\Roaming\Winamp
2010-05-17 17:46 . 2009-07-31 19:57 64 ----a-w- c:\users\Dung\errorlog.tmp
2010-05-14 17:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-14 17:23 . 2008-11-11 04:58 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 22:16 . 2009-09-10 21:37 -------- d-----w- c:\program files\Freecorder
2010-04-29 13:39 . 2010-03-25 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-25 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 19:41 . 2010-04-18 19:00 -------- d-----w- c:\program files\WinFreeTV
2010-04-18 19:40 . 2010-04-18 18:49 -------- d-----w- c:\program files\adslTV
2010-04-18 19:07 . 2010-04-18 19:07 0 ----a-w- c:\windows\nsreg.dat
2010-04-18 07:51 . 2009-07-31 20:44 -------- d-----w- c:\program files\VideoLAN
2010-04-18 07:03 . 2010-04-18 06:52 -------- d-----w- c:\users\Dung\AppData\Roaming\Todae
2010-04-13 14:57 . 2009-07-30 21:16 -------- d-----w- c:\program files\Google
2010-03-25 22:41 . 2010-03-25 22:41 812344 ----a-w- c:\program files\HJTInstall.exe
2010-03-24 17:10 . 2010-05-28 23:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-24 08:36 . 2010-05-28 23:51 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-02-22 21:29 . 2010-02-22 21:29 8874432 ----a-w- c:\program files\Vuze_4.3.1.4_windows.exe
2010-01-22 21:45 . 2010-01-22 21:45 11220448 ----a-w- c:\program files\winamp5572_full_emusic-7plus_fr-fr.exe
2010-01-02 23:28 . 2010-01-02 23:28 1443065 ----a-w- c:\program files\wrar390fr.exe
2010-01-02 23:23 . 2010-01-02 23:22 1056829 ----a-w- c:\program files\vistazip.zip
2009-10-07 18:01 . 2009-10-07 18:01 10628544 ----a-w- c:\program files\Vuze_4.2.0.8a_windows.exe
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1041704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-18 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-18 178712]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-07-03 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-04-28 16:16 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9a,6c,4c,9d,ea,36,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1881811670-3986954646-902301592-1000]
"EnableNotificationsRef"=dword:00000002
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-05-11 271728]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover125.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-01 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-11-14 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-11-14 54784]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 22:41
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1881811670-3986954646-902301592-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,e0,75,5c,c8,8b,ef,31,68,2b,cc,29,c1,c4,79,33,ed,8a,92,99,72,
26,66,bf,f3,09,b0,d3,64,67,b0,73,99,f2,02,de,3f,2a,0a,86,2b,b2,86,42,3a,c4,\
"rkeysecu"=hex:f9,12,84,6b,b2,d7,ab,d1,2b,ac,b2,71,6a,cd,f0,18
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Packardbell\EcoBtn\EcoBtn.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-06-07 22:50:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-07 20:50
ComboFix2.txt 2010-06-06 19:55
Avant-CF: 258 177 679 360 octets libres
Après-CF: 258 644 787 200 octets libres
- - End Of File - - 538C071FBC6E08B989FA9D54A187A715
How's it going this evening?
---------------
ComboFix 10-06-06.01 - Dung 07/06/2010 22:04:07.3.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3036.1665 [GMT 2:00]
ComboFix detected something called "EICAR-TEST-FILE"
it says it's a "major" danger
should I delete it?
1)
ComboFix detected something called "EICAR-TEST-FILE"
What is reporting that? I'm not sure it's ComboFix.
Otherwise, yes, delete it.
2)
Retry the ComboFix procedure indicated; it seems to have failed.
https://forums.commentcamarche.net/forum/affich-17923010-pc-rame-pitoyablement?page=2#37
You posted me the same report as the previous one.
ComboFix 10-06-06.01 - Dung 07/06/2010 22:04:07.3.2 - x86
Oops. Sorry ^^
ComboFix 10-06-06.01 - Dung 08/06/2010 19:51:59.6.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3036.1736 [GMT 2:00]
Lancé depuis: c:\users\Dung\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Dung\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-08 au 2010-06-08 ))))))))))))))))))))))))))))))))))))
.
2010-06-08 18:32 . 2010-06-08 18:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-08 18:32 . 2010-06-08 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-07 20:50 . 2010-06-08 18:35 -------- d-----w- c:\users\Dung\AppData\Local\temp
2010-06-06 21:44 . 2010-06-06 21:51 -------- d-----w- c:\program files\SEAF
2010-06-06 21:40 . 2010-06-06 21:40 -------- d-----w- c:\programdata\Kaspersky SDK
2010-06-03 21:53 . 2010-06-03 21:53 -------- d-----w- c:\programdata\WindowsSearch
2010-06-03 20:35 . 2010-06-03 20:35 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel Corporation
2010-06-03 20:14 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-03 20:13 . 2010-03-03 17:33 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-03 20:09 . 2010-06-03 20:09 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Cisco
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Common Files\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\programdata\Intel
2010-06-03 03:28 . 2010-06-03 03:28 107680 ----a-w- c:\users\Dung\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 19:15 . 2010-06-02 17:21 -------- d-----w- C:\Kill'em
2010-06-01 18:23 . 2010-06-06 22:03 -------- d-----w- c:\program files\ZHPDiag
2010-06-01 17:50 . 2010-06-01 17:50 -------- d-----w- c:\users\Dung\AppData\Roaming\TuneUp Software
2010-06-01 17:48 . 2010-06-06 22:06 -------- d-----w- c:\programdata\TuneUp Software
2010-06-01 17:48 . 2010-06-01 17:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\users\Dung\AppData\Roaming\Yahoo!
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\program files\Yahoo!
2010-05-29 09:51 . 2010-05-29 09:51 -------- d-----w- c:\users\Dung\AppData\Roaming\MailFrontier
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 23:55 . 2010-05-28 23:55 16409960 ----a-w- c:\users\Dung\spybotsd162.exe
2010-05-28 23:55 . 2010-05-28 23:55 -------- d-----w- c:\users\Dung\AppData\Roaming\CheckPoint
2010-05-28 23:54 . 2010-05-28 23:54 -------- d-----w- c:\program files\CheckPoint
2010-05-28 23:54 . 2010-03-24 17:10 72584 ----a-w- c:\windows\zllsputility.exe
2010-05-28 23:54 . 2009-10-12 16:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-28 23:52 . 2010-03-24 17:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-28 23:52 . 2010-03-24 17:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-28 23:49 . 2010-05-28 23:49 137174408 ----a-w- c:\users\Dung\zaSuiteSetup_91_507_000_en.exe
2010-05-26 17:29 . 2010-05-26 17:29 -------- d-----w- c:\users\Dung\AppData\Roaming\Uniblue
2010-05-26 16:23 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 16:09 . 2010-05-20 16:49 -------- d-----w- c:\users\Dung\AdSigner
2010-05-14 15:03 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 12:24 . 2010-05-11 12:24 -------- d-----w- c:\users\Dung\AppData\Local\Ahead
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 18:33 . 2010-06-03 21:47 2866663 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-08 18:32 . 2010-06-08 18:34 2282496 ----a-w- c:\windows\Internet Logs\xDBB802.tmp
2010-06-08 18:32 . 2010-06-08 18:33 3250176 ----a-w- c:\windows\Internet Logs\xDBB619.tmp
2010-06-08 18:32 . 2008-11-11 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-08 16:31 . 2008-01-21 08:40 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-08 16:31 . 2008-01-21 08:40 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-07 22:02 . 2010-06-08 16:26 8704 ----a-w- c:\windows\Internet Logs\xDBAA76.tmp
2010-06-07 22:01 . 2010-06-07 22:02 2279936 ----a-w- c:\windows\Internet Logs\xDB94BA.tmp
2010-06-07 22:01 . 2010-06-07 22:02 764416 ----a-w- c:\windows\Internet Logs\xDB9273.tmp
2010-06-07 21:29 . 2010-06-07 21:30 3296768 ----a-w- c:\windows\Internet Logs\xDB872E.tmp
2010-06-07 20:51 . 2010-06-07 20:52 73216 ----a-w- c:\windows\Internet Logs\xDB8BFE.tmp
2010-06-07 18:18 . 2010-06-07 20:37 8704 ----a-w- c:\windows\Internet Logs\xDB8C1D.tmp
2010-06-06 22:54 . 2010-06-07 18:18 217088 ----a-w- c:\windows\Internet Logs\xDBA029.tmp
2010-06-06 22:52 . 2010-04-18 20:10 -------- d-----w- c:\users\Dung\AppData\Roaming\vlc
2010-06-06 21:26 . 2010-06-06 21:27 3337728 ----a-w- c:\windows\Internet Logs\xDBA400.tmp
2010-06-06 20:01 . 2010-06-06 20:02 2188288 ----a-w- c:\windows\Internet Logs\xDB8494.tmp
2010-06-06 20:01 . 2010-06-06 20:02 152576 ----a-w- c:\windows\Internet Logs\xDB826D.tmp
2010-06-03 21:37 . 2010-06-03 22:37 8704 ----a-w- c:\windows\Internet Logs\xDB872D.tmp
2010-06-03 21:36 . 2010-06-03 21:37 84992 ----a-w- c:\windows\Internet Logs\xDB86D0.tmp
2010-06-03 21:22 . 2010-06-03 21:23 444416 ----a-w- c:\windows\Internet Logs\xDB8643.tmp
2010-06-03 20:14 . 2008-11-11 04:44 -------- d-----w- c:\program files\Intel
2010-06-03 20:13 . 2008-11-11 04:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\program files\ma-config.com
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\programdata\ma-config.com
2010-06-03 05:00 . 2010-06-03 14:52 282624 ----a-w- c:\windows\Internet Logs\xDBA133.tmp
2010-06-02 17:18 . 2010-06-02 17:19 77312 ----a-w- c:\windows\Internet Logs\xDB8E2F.tmp
2010-06-02 04:58 . 2010-06-02 16:37 66048 ----a-w- c:\windows\Internet Logs\xDBA43F.tmp
2010-06-02 04:44 . 2010-06-02 04:45 712192 ----a-w- c:\windows\Internet Logs\xDB9051.tmp
2010-06-01 05:14 . 2009-10-07 18:02 -------- d-----w- c:\users\Dung\AppData\Roaming\Azureus
2010-05-31 22:00 . 2009-10-23 05:23 -------- d-----w- c:\program files\avi
2010-05-31 22:00 . 2010-05-31 22:00 8463808 ----a-w- c:\users\Dung\AppData\Roaming\Azureus\tmp\AZU4094963735759562336.tmp\Vuze_4.4.0.4_win32.exe
2010-05-30 20:09 . 2010-05-31 05:46 2027520 ----a-w- c:\windows\Internet Logs\xDB9A7F.tmp
2010-05-28 23:56 . 2010-05-28 23:51 422036 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\program files\Zone Labs
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\programdata\CheckPoint
2010-05-27 19:16 . 2010-03-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:19 . 2010-03-25 22:41 -------- d-----w- c:\program files\Trend Micro
2010-05-25 22:25 . 2009-07-31 23:22 -------- d-----w- c:\program files\Autres
2010-05-19 10:56 . 2010-01-22 21:46 -------- d-----w- c:\users\Dung\AppData\Roaming\Winamp
2010-05-14 17:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-14 17:23 . 2008-11-11 04:58 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 22:16 . 2009-09-10 21:37 -------- d-----w- c:\program files\Freecorder
2010-04-29 13:39 . 2010-03-25 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-25 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 19:41 . 2010-04-18 19:00 -------- d-----w- c:\program files\WinFreeTV
2010-04-18 19:40 . 2010-04-18 18:49 -------- d-----w- c:\program files\adslTV
2010-04-18 19:07 . 2010-04-18 19:07 0 ----a-w- c:\windows\nsreg.dat
2010-04-18 07:51 . 2009-07-31 20:44 -------- d-----w- c:\program files\VideoLAN
2010-04-18 07:03 . 2010-04-18 06:52 -------- d-----w- c:\users\Dung\AppData\Roaming\Todae
2010-04-13 14:57 . 2009-07-30 21:16 -------- d-----w- c:\program files\Google
2010-03-25 22:41 . 2010-03-25 22:41 812344 ----a-w- c:\program files\HJTInstall.exe
2010-03-24 17:10 . 2010-05-28 23:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-24 08:36 . 2010-05-28 23:51 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-02-22 21:29 . 2010-02-22 21:29 8874432 ----a-w- c:\program files\Vuze_4.3.1.4_windows.exe
2010-01-22 21:45 . 2010-01-22 21:45 11220448 ----a-w- c:\program files\winamp5572_full_emusic-7plus_fr-fr.exe
2010-01-02 23:28 . 2010-01-02 23:28 1443065 ----a-w- c:\program files\wrar390fr.exe
2010-01-02 23:23 . 2010-01-02 23:22 1056829 ----a-w- c:\program files\vistazip.zip
2009-10-07 18:01 . 2009-10-07 18:01 10628544 ----a-w- c:\program files\Vuze_4.2.0.8a_windows.exe
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1041704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-18 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-18 178712]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-07-03 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-04-28 16:16 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9a,6c,4c,9d,ea,36,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1881811670-3986954646-902301592-1000]
"EnableNotificationsRef"=dword:00000002
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-05-11 271728]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover125.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-01 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-11-14 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-11-14 54784]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1881811670-3986954646-902301592-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,e0,75,5c,c8,8b,ef,31,68,2b,cc,29,c1,c4,79,33,ed,8a,92,99,72,
26,66,bf,f3,09,b0,d3,64,67,b0,73,99,f2,02,de,3f,2a,0a,86,2b,b2,86,42,3a,c4,\
"rkeysecu"=hex:f9,12,84,6b,b2,d7,ab,d1,2b,ac,b2,71,6a,cd,f0,18
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Packardbell\EcoBtn\EcoBtn.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-06-08 20:46:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-08 18:45
ComboFix2.txt 2010-06-07 20:50
ComboFix3.txt 2010-06-06 19:55
Avant-CF: 258 499 198 976 octets libres
Après-CF: 258 400 362 496 octets libres
- - End Of File - - 2D097442BC6EB6CE6BF7ECDF8308AD75
still not right
either it comes from your handling or from my script
let's try this
/!\ WARNING /!\ The script that follows was written specifically for bastien; it cannot be transferred to another computer!
Create a new Notepad file on your desktop and name it CFScript
Copy this text into it and save it
KillAll::
Driver::
BarDiscover Service
NetSvc::
* Disable your protection software
* Drag and drop this CFScript.txt file onto the Combofix.exe file (as in the following link)
http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
* Wait while the scan runs. The desktop will disappear several times: that is normal! Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt
ComboFix 10-06-06.01 - Dung 09/06/2010 19:20:57.7.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3036.1676 [GMT 2:00]
Lancé depuis: c:\users\Dung\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Dung\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_BarDiscover Service
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-09 au 2010-06-09 ))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:04 . 2010-06-09 18:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-09 18:04 . 2010-06-09 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-08 22:08 . 2010-06-08 22:09 680 ----a-w- c:\users\Dung\AppData\Local\d3d9caps.dat
2010-06-08 18:46 . 2010-06-09 18:09 -------- d-----w- c:\users\Dung\AppData\Local\temp
2010-06-06 21:40 . 2010-06-06 21:40 -------- d-----w- c:\programdata\Kaspersky SDK
2010-06-03 21:53 . 2010-06-03 21:53 -------- d-----w- c:\programdata\WindowsSearch
2010-06-03 20:35 . 2010-06-03 20:35 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel Corporation
2010-06-03 20:14 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-03 20:13 . 2008-05-07 09:40 317976 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-03 20:09 . 2010-06-03 20:09 -------- d-----w- c:\users\Dung\AppData\Roaming\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Cisco
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\program files\Common Files\Intel
2010-06-03 20:07 . 2010-06-03 20:07 -------- d-----w- c:\programdata\Intel
2010-06-03 03:28 . 2010-06-03 03:28 107680 ----a-w- c:\users\Dung\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 19:15 . 2010-06-02 17:21 -------- d-----w- C:\Kill'em
2010-06-01 18:23 . 2010-06-06 22:03 -------- d-----w- c:\program files\ZHPDiag
2010-06-01 17:50 . 2010-06-01 17:50 -------- d-----w- c:\users\Dung\AppData\Roaming\TuneUp Software
2010-06-01 17:48 . 2010-06-06 22:06 -------- d-----w- c:\programdata\TuneUp Software
2010-06-01 17:48 . 2010-06-01 17:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\users\Dung\AppData\Roaming\Yahoo!
2010-05-29 13:37 . 2010-05-29 13:37 -------- d-----w- c:\program files\Yahoo!
2010-05-29 09:51 . 2010-05-29 09:51 -------- d-----w- c:\users\Dung\AppData\Roaming\MailFrontier
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 23:57 . 2010-05-29 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 23:55 . 2010-05-28 23:55 16409960 ----a-w- c:\users\Dung\spybotsd162.exe
2010-05-28 23:55 . 2010-05-28 23:55 -------- d-----w- c:\users\Dung\AppData\Roaming\CheckPoint
2010-05-28 23:54 . 2010-05-28 23:54 -------- d-----w- c:\program files\CheckPoint
2010-05-28 23:54 . 2010-03-24 17:10 72584 ----a-w- c:\windows\zllsputility.exe
2010-05-28 23:54 . 2009-10-12 16:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-28 23:52 . 2010-03-24 17:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-28 23:52 . 2010-03-24 17:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-28 23:49 . 2010-05-28 23:49 137174408 ----a-w- c:\users\Dung\zaSuiteSetup_91_507_000_en.exe
2010-05-26 17:29 . 2010-05-26 17:29 -------- d-----w- c:\users\Dung\AppData\Roaming\Uniblue
2010-05-26 16:23 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 16:09 . 2010-05-20 16:49 -------- d-----w- c:\users\Dung\AdSigner
2010-05-14 15:03 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 12:24 . 2010-05-11 12:24 -------- d-----w- c:\users\Dung\AppData\Local\Ahead
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:06 . 2010-05-28 23:51 422037 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-06-09 18:05 . 2010-06-09 18:06 3226112 ----a-w- c:\windows\Internet Logs\xDBAB41.tmp
2010-06-09 18:05 . 2010-06-09 18:06 2296320 ----a-w- c:\windows\Internet Logs\xDBAE53.tmp
2010-06-09 18:05 . 2010-06-09 18:06 2296320 ----a-w- c:\windows\Internet Logs\xDBAD68.tmp
2010-06-09 18:04 . 2008-11-11 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-09 16:28 . 2008-01-21 08:40 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-09 16:28 . 2008-01-21 08:40 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-09 16:22 . 2008-11-11 04:44 -------- d-----w- c:\program files\Intel
2010-06-08 22:26 . 2010-06-09 16:22 2292736 ----a-w- c:\windows\Internet Logs\xDBAEEE.tmp
2010-06-08 22:26 . 2010-06-09 16:22 151552 ----a-w- c:\windows\Internet Logs\xDBAC98.tmp
2010-06-08 22:25 . 2010-04-18 20:10 -------- d-----w- c:\users\Dung\AppData\Roaming\vlc
2010-06-08 22:15 . 2009-10-23 05:23 -------- d-----w- c:\program files\avi
2010-06-08 18:33 . 2010-06-03 21:47 2866663 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-08 18:32 . 2010-06-08 18:34 2282496 ----a-w- c:\windows\Internet Logs\xDBB802.tmp
2010-06-08 18:32 . 2010-06-08 18:33 3250176 ----a-w- c:\windows\Internet Logs\xDBB619.tmp
2010-06-07 22:02 . 2010-06-08 16:26 8704 ----a-w- c:\windows\Internet Logs\xDBAA76.tmp
2010-06-07 22:01 . 2010-06-07 22:02 2279936 ----a-w- c:\windows\Internet Logs\xDB94BA.tmp
2010-06-07 22:01 . 2010-06-07 22:02 764416 ----a-w- c:\windows\Internet Logs\xDB9273.tmp
2010-06-07 21:29 . 2010-06-07 21:30 3296768 ----a-w- c:\windows\Internet Logs\xDB872E.tmp
2010-06-07 20:51 . 2010-06-07 20:52 73216 ----a-w- c:\windows\Internet Logs\xDB8BFE.tmp
2010-06-07 18:18 . 2010-06-07 20:37 8704 ----a-w- c:\windows\Internet Logs\xDB8C1D.tmp
2010-06-06 22:54 . 2010-06-07 18:18 217088 ----a-w- c:\windows\Internet Logs\xDBA029.tmp
2010-06-06 21:26 . 2010-06-06 21:27 3337728 ----a-w- c:\windows\Internet Logs\xDBA400.tmp
2010-06-06 20:01 . 2010-06-06 20:02 2188288 ----a-w- c:\windows\Internet Logs\xDB8494.tmp
2010-06-06 20:01 . 2010-06-06 20:02 152576 ----a-w- c:\windows\Internet Logs\xDB826D.tmp
2010-06-03 21:37 . 2010-06-03 22:37 8704 ----a-w- c:\windows\Internet Logs\xDB872D.tmp
2010-06-03 21:36 . 2010-06-03 21:37 84992 ----a-w- c:\windows\Internet Logs\xDB86D0.tmp
2010-06-03 21:22 . 2010-06-03 21:23 444416 ----a-w- c:\windows\Internet Logs\xDB8643.tmp
2010-06-03 20:13 . 2008-11-11 04:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\program files\ma-config.com
2010-06-03 19:12 . 2010-03-24 23:31 -------- d-----w- c:\programdata\ma-config.com
2010-06-03 05:00 . 2010-06-03 14:52 282624 ----a-w- c:\windows\Internet Logs\xDBA133.tmp
2010-06-02 17:18 . 2010-06-02 17:19 77312 ----a-w- c:\windows\Internet Logs\xDB8E2F.tmp
2010-06-02 04:58 . 2010-06-02 16:37 66048 ----a-w- c:\windows\Internet Logs\xDBA43F.tmp
2010-06-02 04:44 . 2010-06-02 04:45 712192 ----a-w- c:\windows\Internet Logs\xDB9051.tmp
2010-06-01 05:14 . 2009-10-07 18:02 -------- d-----w- c:\users\Dung\AppData\Roaming\Azureus
2010-05-31 22:00 . 2010-05-31 22:00 8463808 ----a-w- c:\users\Dung\AppData\Roaming\Azureus\tmp\AZU4094963735759562336.tmp\Vuze_4.4.0.4_win32.exe
2010-05-30 20:09 . 2010-05-31 05:46 2027520 ----a-w- c:\windows\Internet Logs\xDB9A7F.tmp
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\program files\Zone Labs
2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\programdata\CheckPoint
2010-05-27 19:16 . 2010-03-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:19 . 2010-03-25 22:41 -------- d-----w- c:\program files\Trend Micro
2010-05-25 22:25 . 2009-07-31 23:22 -------- d-----w- c:\program files\Autres
2010-05-19 10:56 . 2010-01-22 21:46 -------- d-----w- c:\users\Dung\AppData\Roaming\Winamp
2010-05-14 17:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-14 17:23 . 2008-11-11 04:58 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 22:16 . 2009-09-10 21:37 -------- d-----w- c:\program files\Freecorder
2010-04-29 13:39 . 2010-03-25 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-25 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 19:41 . 2010-04-18 19:00 -------- d-----w- c:\program files\WinFreeTV
2010-04-18 19:40 . 2010-04-18 18:49 -------- d-----w- c:\program files\adslTV
2010-04-18 19:07 . 2010-04-18 19:07 0 ----a-w- c:\windows\nsreg.dat
2010-04-18 07:51 . 2009-07-31 20:44 -------- d-----w- c:\program files\VideoLAN
2010-04-18 07:03 . 2010-04-18 06:52 -------- d-----w- c:\users\Dung\AppData\Roaming\Todae
2010-04-13 14:57 . 2009-07-30 21:16 -------- d-----w- c:\program files\Google
2010-03-25 22:41 . 2010-03-25 22:41 812344 ----a-w- c:\program files\HJTInstall.exe
2010-03-24 17:10 . 2010-05-28 23:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-24 08:36 . 2010-05-28 23:51 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-02-22 21:29 . 2010-02-22 21:29 8874432 ----a-w- c:\program files\Vuze_4.3.1.4_windows.exe
2010-01-22 21:45 . 2010-01-22 21:45 11220448 ----a-w- c:\program files\winamp5572_full_emusic-7plus_fr-fr.exe
2010-01-02 23:28 . 2010-01-02 23:28 1443065 ----a-w- c:\program files\wrar390fr.exe
2010-01-02 23:23 . 2010-01-02 23:22 1056829 ----a-w- c:\program files\vistazip.zip
2009-10-07 18:01 . 2009-10-07 18:01 10628544 ----a-w- c:\program files\Vuze_4.2.0.8a_windows.exe
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-11 12:48 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1041704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-18 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-18 178712]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-07-03 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-04-28 16:16 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9a,6c,4c,9d,ea,36,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1881811670-3986954646-902301592-1000]
"EnableNotificationsRef"=dword:00000002
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-05-11 271728]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-01 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-11-14 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-11-14 54784]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1881811670-3986954646-902301592-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,e0,75,5c,c8,8b,ef,31,68,2b,cc,29,c1,c4,79,33,ed,8a,92,99,72,
26,66,bf,f3,09,b0,d3,64,67,b0,73,99,f2,02,de,3f,2a,0a,86,2b,b2,86,42,3a,c4,\
"rkeysecu"=hex:f9,12,84,6b,b2,d7,ab,d1,2b,ac,b2,71,6a,cd,f0,18
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Packardbell\EcoBtn\EcoBtn.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2010-06-09 20:18:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-09 18:17
ComboFix2.txt 2010-06-08 18:46
ComboFix3.txt 2010-06-07 20:50
ComboFix4.txt 2010-06-06 19:55
Avant-CF: 262 913 568 768 octets libres
Après-CF: 262 387 052 544 octets libres
- - End Of File - - 32F8F5F55EF5DF644B03AAA8A4A99D08