Google redirection

Closed
Stefanb Posts 50 Registration date Saturday 12 June 2010 Status Member Last contribution 26 June 2010 - 12 June 2010 at 18:04
Stefanb Posts 50 Registration date Saturday 12 June 2010 Status Member Last contribution 26 June 2010 - 12 June 2010 at 23:00
Hello, after a search on google.ca, if I choose a link I am redirected to other sites.

Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:06, on 2010/06/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\XIPDRV.exe
C:\WINDOWS\system32\OpcEnum.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/sonic/cgi/index.cgi?REFR=Roxio&LANG=FR&PAGE=thx&SNML=CZ6KZU9XY94LNP6T4|CVM8EL9RBDHANB73R|CFSKWG88D9RKQLFLP|SC-203B20Y&VRST=0235 (FR)&FNAM=St%C3%A9phane&LNAM=Benoit&EMAL=a@b.c&NTFY=1&PRDN=&YSNL=&PRNM=SCMain&SVTG=&SRNM=SC-203B20Y (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {04544F2C-DE92-4405-A4F3-D490DD1AA2F1} - C:\WINDOWS\system32\cmsetACL32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu.ca/fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7019246-2A9E-484C-987D-22755FC92507}: NameServer = 192.168.124.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA644D57-BFA6-4CB6-B647-CC1925181DFF}: NameServer = 192.168.124.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLKPCI_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe
O23 - Service: CLK_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\clkunit.exe
O23 - Service: CPU_UNIT - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\CpuUnit.exe
O23 - Service: CS1BUS_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit0.exe
O23 - Service: CS1BUS_UNIT1 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit1.exe
O23 - Service: CS1BUS_UNIT2 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit2.exe
O23 - Service: CS1BUS_UNIT3 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit3.exe
O23 - Service: CS1SYS_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit0.exe
O23 - Service: CS1SYS_UNIT1 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit1.exe
O23 - Service: CS1SYS_UNIT2 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit2.exe
O23 - Service: CS1SYS_UNIT3 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit3.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FgwSocketProxy - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe
O23 - Service: Service Google Update (gupdate1c9df45942c48fc) (gupdate1c9df45942c48fc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MapAgent - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\MapAgent.exe
O23 - Service: NameSpaceServer - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SLKPCI_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\slkpciunit00.exe
O23 - Service: SysmacBoard Unit - OMRON Corporation - C:\Program Files\OMRON\FinsServerNT\bin\SmapUnit.exe
O23 - Service: SysmacLink Unit - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\slkcons.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe
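As an added example (not part of the thread, and not code from HijackThis or ComboFix), here is a small Python triage script for the kind of HijackThis log posted above. It flags orphaned O2 BHOs such as the cmsetACL32.dll entry, O17 DNS servers outside the RFC 1918 private ranges (a rewritten DNS server is one common cause of search redirects), and O23 services with no publisher information, which only means "review by hand" (the OMRON industrial services in this log are legitimate). The 203.0.113.10 DNS entry in the sample is constructed; every other sample line is copied from the log.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import ipaddress
import re
from typing import List, Tuple

# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed O17 line (203.0.113.10 is a documentation address) so that the
# DNS check has something to fire on.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {04544F2C-DE92-4405-A4F3-D490DD1AA2F1} - C:\WINDOWS\system32\cmsetACL32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7019246-2A9E-484C-987D-22755FC92507}: NameServer = 192.168.124.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA644D57-BFA6-4CB6-B647-CC1925181DFF}: NameServer = 203.0.113.10
O23 - Service: CLKPCI_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
"""

# HijackThis line layouts for the three entry types handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(server: str) -> bool:
    """True for an address inside the private ranges; False for anything else,
    including strings that are not an IP address at all (those deserve a look too)."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry type, description) pairs for the lines worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO whose DLL is gone is a leftover hook from something removed.
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(("O2", f"orphaned BHO {m.group('clsid')}: {path}"))
            continue
        m = O17_RE.match(line)
        if m:
            # HijackThis lists several servers separated by commas or spaces.
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                if server and not is_rfc1918(server):
                    findings.append(("O17", f"DNS server {server} is outside RFC 1918 ({m.group('key')})"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            # No version info in the binary: a prompt for manual review, not a verdict.
            findings.append(("O23", f"service {m.group('name')} has no publisher info: {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for kind, text in triage(SAMPLE_LOG):
        print(f"[{kind}] {text}")
```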

3 replies

Anonymous user
12 June 2010 at 18:24
Good evening,

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and without any guarantee...".
Accept by clicking "Yes"

---> Set it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report is also located at C:\ComboFix.txt

Later
1
Stefanb Posts 50 Registration date Saturday 12 June 2010 Status Member Last contribution 26 June 2010
12 June 2010 at 20:17
Here is the first part of the log:


ComboFix 10-06-11.01 - Administrateur 2010/06/12 12:49:59.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.502.241 [GMT -4:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\02000000ba7b51a7918C.manifest
c:\documents and settings\Administrateur\Application Data\02000000ba7b51a7918O.manifest
c:\documents and settings\Administrateur\Application Data\02000000ba7b51a7918P.manifest
c:\documents and settings\Administrateur\Application Data\02000000ba7b51a7918S.manifest
c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\extensions\{99d4d6e7-7abc-4d06-9271-f2bc4dd00d25}
c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\extensions\{99d4d6e7-7abc-4d06-9271-f2bc4dd00d25}\chrome.manifest
c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\extensions\{99d4d6e7-7abc-4d06-9271-f2bc4dd00d25}\chrome\xulcache.jar
c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\extensions\{99d4d6e7-7abc-4d06-9271-f2bc4dd00d25}\defaults\preferences\xulcache.js
c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\extensions\{99d4d6e7-7abc-4d06-9271-f2bc4dd00d25}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\GnuHashes.ini
c:\windows\msv1_0.dll
c:\windows\system32\1851519874
c:\windows\system32\HLP95EN32.dll
c:\windows\system32\iasads32.dll
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\mu104058559v4
c:\windows\system32\SysWoW32\mu104058559v4.kwd
c:\windows\system32\SysWoW32\mu104058559v5
c:\windows\system32\SysWoW32\mu104058559v5.kwd
c:\windows\system32\SysWoW32\mu104058559v6
c:\windows\system32\SysWoW32\mu104058559v6.kwd
c:\windows\system32\SysWoW32\mu104058559v7
c:\windows\system32\SysWoW32\mu104058559v7.kwd
c:\windows\system32\SysWoW32\wu104058559v0
c:\windows\system32\SysWoW32\wu104058559v0.kwd
c:\windows\system32\SysWoW32\wu104058559v1
c:\windows\system32\SysWoW32\wu104058559v1.kwd
c:\windows\system32\SysWoW32\wu104058559v2
c:\windows\system32\SysWoW32\wu104058559v2.kwd
c:\windows\system32\SysWoW32\wu104058559v3
c:\windows\system32\SysWoW32\wu104058559v3.kwd
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe

Une copie infectée de c:\windows\system32\drivers\acpiec.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2010-05-12 au 2010-06-12 ))))))))))))))))))))))))))))))))))))
.

2010-06-12 13:41 . 2010-06-12 14:54 -------- d-----w- c:\program files\Ad-Remover
2010-06-12 03:58 . 2010-06-12 03:58 -------- d-----w- c:\windows\ERUNT
2010-06-12 03:48 . 2010-06-12 06:31 -------- d-----w- C:\SDFix
2010-06-06 16:48 . 2010-06-06 16:48 16384 ---ha-w- C:\SZKGFS.dat
2010-06-06 16:45 . 2010-06-06 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-06 16:44 . 2010-06-06 16:44 -------- d-----w- c:\program files\Fichiers communs\iS3
2010-06-06 16:44 . 2010-06-12 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-06 16:26 . 2010-06-06 16:26 -------- d-----w- c:\program files\Enigma Software Group
2010-06-06 16:25 . 2010-06-06 16:40 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-06 16:25 . 2010-06-06 16:25 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-06-02 02:12 . 2010-06-02 02:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-18 03:00 . 2010-05-18 03:00 279040 ----a-w- c:\windows\system32\davclnt32.dll
2010-05-18 02:39 . 2010-05-18 02:39 282112 ----a-w- c:\windows\system32\FgwCmnDlg32.dll
2010-05-18 02:38 . 2010-05-18 02:38 282112 ----a-w- c:\windows\system32\fxsclntR32.dll
2010-05-18 02:37 . 2010-05-18 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-05-18 02:36 . 2008-06-05 09:30 172032 ----a-w- c:\windows\system32\NetEdLib.dll
2010-05-18 02:36 . 2008-06-05 09:30 61440 ----a-w- c:\windows\system32\HEI32_3.DLL
2010-05-18 02:36 . 2008-06-05 09:30 303 ----a-w- c:\windows\DS500.bat
2010-05-18 02:36 . 2008-06-05 09:30 1478656 ----a-w- c:\windows\system32\HEIXTP86.dll
2010-05-18 02:36 . 2010-05-18 02:37 -------- d-----w- C:\HAPTools
2010-05-18 02:36 . 2010-05-18 18:01 -------- d-----w- C:\DirectSOFT5
2010-05-18 02:04 . 2010-05-18 03:22 -------- d-----w- c:\documents and settings\Administrateur\Incomplete
2010-05-18 02:04 . 2010-05-18 02:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire
2010-05-18 02:03 . 2010-05-18 03:22 -------- d-----w- c:\documents and settings\Administrateur\Shared
2010-05-18 02:02 . 2010-05-18 02:03 -------- d-----w- c:\program files\360Share Pro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 17:15 . 2006-02-15 02:55 86514 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-12 17:15 . 2006-02-15 02:55 514118 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-12 06:10 . 2008-07-28 02:00 -------- d-----w- c:\program files\SpyNoMore
2010-06-12 05:02 . 2007-05-17 20:55 74440 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-10 05:06 . 2007-05-20 03:23 -------- d-----w- c:\program files\mIRC
2010-06-10 04:48 . 2010-06-10 04:48 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-18 02:37 . 2008-05-16 15:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
2010-05-18 02:36 . 2006-02-15 08:21 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-18 02:36 . 2006-02-15 08:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 02:33 . 2010-05-18 02:33 1075712 --sha-w- c:\windows\system32\C5.tmp
2010-05-14 00:22 . 2008-12-06 21:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2010-05-10 02:05 . 2006-02-15 08:42 -------- d-----w- c:\program files\Google
2010-04-28 18:04 . 2010-04-28 18:04 -------- d-----w- c:\program files\Zelio-Soft
2010-04-25 00:39 . 2009-09-08 00:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-11-29 17:43 . 2008-06-01 02:29 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-11-29 17:43 . 2008-06-01 02:29 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-11-29 17:43 . 2008-06-01 02:29 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-11-29 17:43 . 2008-06-01 02:29 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-11-29 17:43 . 2008-06-01 02:29 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
0
Stefanb Posts 50 Registration date Saturday 12 June 2010 Status Member Last contribution 26 June 2010
12 June 2010 at 20:20
Here is the second part:
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-23 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 69632]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-01 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-01 61440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-08-23 152952]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-09 185896]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-11-28 1067472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VPN Client.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATSwpNav]
c:\program files\Fingerprint Sensor\ATSwpNav -run [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-12-12 05:50 88204 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 09:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-03 06:22 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-03 06:26 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-09 06:49 15691264 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-23 03:48 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-02 23:15 725082 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23:UDP"= 23:UDP:Ethernet pour TeSysPort

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006/02/15 04:40 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005/07/08 15:06 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005/09/23 08:48 28544]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006/02/15 04:42 7196]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2008/05/16 11:35 49152]
R2 NameSpaceServer;NameSpaceServer;c:\program files\OMRON\FinsServerNT\bin\NsServer.exe [2007/08/30 09:27 147456]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [2004/07/07 12:17 200769]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006/02/15 04:13 4864]
S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [2007/10/15 15:51 113600]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 gupdate1c9df45942c48fc;Service Google Update (gupdate1c9df45942c48fc);c:\program files\Google\Update\GoogleUpdate.exe [2009/05/27 23:37 133104]
S2 XipConnect;Xway TCP/IP;c:\windows\system32\xipconnect.exe [2008/05/16 15:34 61440]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2004/09/29 11:20 71448]
S3 CLK_UNIT0;CLK_UNIT0;c:\program files\OMRON\FinsServerNT\bin\Clkunit.exe [2007/08/30 09:29 40960]
S3 CLKPCI_UNIT0;CLKPCI_UNIT0;c:\program files\OMRON\FinsServerNT\bin\Clkpciunit00.exe [2007/08/30 09:29 53248]
S3 Controller Link;Controller Link;c:\windows\system32\drivers\ntclk.sys [2007/08/30 09:29 15376]
S3 CPU_UNIT;CPU_UNIT;c:\program files\OMRON\FinsServerNT\bin\CpuUnit.exe [2007/08/30 09:27 36864]
S3 CS1BUS_UNIT0;CS1BUS_UNIT0;c:\program files\OMRON\FinsServerNT\bin\Cs1BusUnit0.exe [2007/08/30 09:31 81920]
S3 CS1BUS_UNIT1;CS1BUS_UNIT1;c:\program files\OMRON\FinsServerNT\bin\Cs1BusUnit1.exe [2007/08/30 09:31 81920]
S3 CS1BUS_UNIT2;CS1BUS_UNIT2;c:\program files\OMRON\FinsServerNT\bin\Cs1BusUnit2.exe [2007/08/30 09:31 81920]
S3 CS1BUS_UNIT3;CS1BUS_UNIT3;c:\program files\OMRON\FinsServerNT\bin\Cs1BusUnit3.exe [2007/08/30 09:31 81920]
S3 cs1sys;cs1sys;c:\windows\system32\drivers\CS1Sys.sys [2007/08/30 09:31 88068]
S3 CS1SYS_UNIT0;CS1SYS_UNIT0;c:\program files\OMRON\FinsServerNT\bin\Cs1SysUnit0.exe [2007/08/30 09:31 81920]
S3 CS1SYS_UNIT1;CS1SYS_UNIT1;c:\program files\OMRON\FinsServerNT\bin\Cs1SysUnit1.exe [2007/08/30 09:31 81920]
S3 CS1SYS_UNIT2;CS1SYS_UNIT2;c:\program files\OMRON\FinsServerNT\bin\Cs1SysUnit2.exe [2007/08/30 09:31 81920]
S3 CS1SYS_UNIT3;CS1SYS_UNIT3;c:\program files\OMRON\FinsServerNT\bin\Cs1SysUnit3.exe [2007/08/30 09:31 81920]
S3 FgwSocketProxy;FgwSocketProxy;c:\program files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe [2007/08/30 09:27 200788]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2006/02/15 04:13 5632]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006/02/14 22:55 35968]
S3 MapAgent;MapAgent;c:\program files\OMRON\FinsServerNT\bin\MapAgent.exe [2007/08/30 09:27 45056]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007/12/25 11:44 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2007/12/25 11:44 3768]
S3 ntcs1pci;ntcs1pci;c:\windows\system32\drivers\NtCs1pci.sys [2007/08/30 09:31 84596]
S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [2004/09/29 11:20 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2004/09/29 11:20 30166]
S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [2004/09/29 11:20 155440]
S3 SiBulk;SiBulk;c:\windows\system32\drivers\SiBulk.sys [2008/06/18 19:54 16768]
S3 SLKPCI_UNIT0;SLKPCI_UNIT0;c:\program files\OMRON\FinsServerNT\bin\Slkpciunit00.exe [2007/08/30 09:28 53248]
S3 SQTECH9090;TOP Cam;c:\windows\system32\drivers\Capt9090.sys [2009/03/03 00:08 48384]
S3 SysmacBoard Unit;SysmacBoard Unit;c:\program files\OMRON\FinsServerNT\bin\SmapUnit.exe [2007/08/30 09:30 75264]
S3 SysmacBoard;SysmacBoard;c:\windows\system32\drivers\SmapNt.sys [2007/08/30 09:30 11040]
S3 SysmacLink Unit;SysmacLink Unit;c:\program files\OMRON\FinsServerNT\bin\slkcons.exe [2007/08/30 09:27 65609]
S3 SysmacLink;SysmacLink;c:\windows\system32\drivers\ntslk.sys [2007/08/30 09:27 16448]
S3 XBTZG935;XBTZG935 USB Link Cable Driver;c:\windows\system32\drivers\XBTZG935.sys [2008/05/22 08:43 12270]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-09 03:35]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 03:36]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 03:36]

2010-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/sonic/cgi/index.cgi?REFR=Roxio&LANG=FR&PAGE=thx&SNML=CZ6KZU9XY94LNP6T4%7CCVM8EL9RBDHANB73R%7CCFSKWG88D9RKQLFLP%7CSC%2D203B20Y&VRST=0235%20%28FR%29&FNAM=St%C3%A9phane&LNAM=Benoit&EMAL=a%40b%2Ec&NTFY=1&PRDN=&YSNL=&PRNM=SCMain&SVTG=&SRNM=SC%2D203B20Y
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C7019246-2A9E-484C-987D-22755FC92507} = 192.168.124.1
TCP: {EA644D57-BFA6-4CB6-B647-CC1925181DFF} = 192.168.124.1
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ln5xfcmb.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{04544F2C-DE92-4405-A4F3-D490DD1AA2F1} - c:\windows\system32\cmsetACL32.dll
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
AddRemove-Destinator PC Portal - c:\program files\LGE PC Portal\Inst.exe \U
AddRemove-PowerTools-FM - c:\emerson\PToolsFM\Uninst.isu
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{10B15004-CD2A-49BD-ACB7-DFA124F39273} - c:\program files\InstallShield Installation Information\{10B15004-CD2A-49BD-ACB7-DFA124F39273}\setup.exe -runfromtemp -l0x0009 -removeonly\ -REMV



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 13:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 9138 bytes

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82295CEC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84e9fc3
\Driver\ACPI -> ACPI.sys @ 0xf834bcb8
\Driver\atapi -> atapi.sys @ 0xf81e97b4
\Driver\iaStor -> iaStor.sys @ 0xf820db58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf80caba0
PacketIndicateHandler -> NDIS.sys @ 0xf80b9a0b
SendHandler -> NDIS.sys @ 0xf80cdb31
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5700)
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\WinZip\WZSHLSTB.DLL
c:\program files\WinRAR\rarext.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\XIPDRV.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\OpcEnum.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_01\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-12 13:24:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-12 17:23

Pre-Run: 11,881,947,136 bytes free
Post-Run: 11,973,566,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 852457EF0F30CA6B7B653E0653899282
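As an added example (not part of the original thread and not ComboFix's own code), the following Python script parses the service and driver lines of a ComboFix report like the one above and flags the entries a responder would look at first: an image path in a user-writable location, or a file timestamp close to the scan date (new kernel drivers shortly before redirects started are a classic rootkit tell). The first three sample lines are copied from the report above; the two entries named FAKE_* are constructed purely to show what a hit looks like, and the 30-day window is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# One ComboFix service/driver line, e.g.
#   S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006/02/14 22:55 35968]
# Fields: start type, service name, display name, image path, file timestamp, file size.
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\]\s*$"
)

# Where a service image normally lives on an XP box (lower-cased, backslash paths).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# User-writable locations: a service or driver image here is a red flag.
WRITABLE_ROOTS = (
    "c:\\documents and settings\\",
    "c:\\windows\\temp\\",
    "c:\\recycler\\",
    "c:\\temp\\",
)

# Scan time taken from the report header above ("Rootkit scan 2010-06-12 13:13").
SCAN_DATE = datetime(2010, 6, 12, 13, 13)

# Constructed sample input: three lines copied from the report above, two FAKE_* lines made up.
REPORT_LINES = r"""
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006/02/14 22:55 35968]
S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [2004/09/29 11:20 142592]
S3 SysmacBoard Unit;SysmacBoard Unit;c:\program files\OMRON\FinsServerNT\bin\SmapUnit.exe [2007/08/30 09:30 75264]
.
Contenu du dossier 'Tâches planifiées'
R1 FAKE_TEMPDRV;FAKE_TEMPDRV;c:\documents and settings\Administrateur\Local Settings\Temp\fake.sys [2010/06/09 21:03 25088]
S3 FAKE_RECYCLER;FAKE_RECYCLER;c:\recycler\S-1-5-21-0\fake.exe [2010/06/10 02:11 61440]
""".strip().splitlines()


def parse_service_line(line):
    """Return a dict for a service/driver line, or None if the line is something else."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].lower()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M")
    entry["size"] = int(entry["size"])
    return entry


def triage_entry(entry, scan_date, recent_days=30):
    """Return the reasons this entry deserves a closer look (empty list if none)."""
    reasons = []
    path = entry["path"]
    if path.startswith(WRITABLE_ROOTS):
        reasons.append("image lives in a user-writable directory")
    elif not path.startswith(EXPECTED_ROOTS):
        reasons.append("image outside %SystemRoot% and Program Files")
    # abs() also catches timestamps in the future, which are just as suspicious.
    if abs(scan_date - entry["ts"]) <= timedelta(days=recent_days):
        reasons.append("file written within %d days of the scan" % recent_days)
    return reasons


def triage_report(lines, scan_date):
    """Parse every service line in a report; return {service_name: [reasons]} for hits only."""
    hits = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry, scan_date)
        if reasons:
            hits[entry["name"]] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in triage_report(REPORT_LINES, SCAN_DATE).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run against the real lines of the report above, nothing is flagged: every driver is years old and sits under system32 or Program Files. The triage is a first pass, not a verdict; a legitimately installed driver in Program Files with a fresh timestamp will also be listed, and the file hash should still be checked.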
Anonymous user
12 June 2010 at 20:32
Perfect...

Still getting redirects?

Run a scan with this antispyware:
Malwarebytes + tutorial

Install it; update it... (Update tab)
Now click on the Scan tab and tick the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
At the end of the scan, click Show Results
If any items were found:
> click Remove Selected.

If you are asked to restart > click "Yes".
At the end a report will open;
save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report please.
Stefanb Posts: 50 Registration date: Saturday 12 June 2010 Status: Member Last seen: 26 June 2010
12 June 2010 at 23:00
I did a few small tests, and I no longer seem to have any redirects.

However, the display has switched to Windows Classic instead of Windows XP.

And I have also lost the sound. It is as if the device had been uninstalled.

Everything else seems OK.

I will look into fixing my 2 problems.


Thanks.