2 replies
jpsurfeur68 (Member, registered Tuesday 13 October 2009, 26 posts) - 14 June 2010 at 14:43
Hi,
Viruses never completely disappear... and on top of that you have Avast!! My god, ouch ouch ouch ^^
1 - Make your backups! (favorites, photos, docs...)
2 - Full format of the disks
3 - Install Windows
4 - Antivirus "Avira AntiVir" + "Spyware Terminator"
5 - Restore the backups
There, your PC has no more viruses ;)
See you,
JP
Hmm, here is the ComboFix report:
ComboFix 10-06-03.01 - kiki 05/06/2010 13:56:25.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.212 [GMT 2:00]
Lancé depuis: c:\documents and settings\kiki\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Sp3.dll
c:\windows\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_OULTRAF
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_oUltraf
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-05 au 2010-06-05 ))))))))))))))))))))))))))))))))))))
.
2010-05-27 12:01 . 2010-05-27 12:01 -------- d-----w- c:\documents and settings\kiki\Application Data\Malwarebytes
2010-05-27 12:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 12:00 . 2010-05-27 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-27 12:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 12:00 . 2010-05-27 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 11:58 . 2010-06-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 11:58 . 2010-06-04 11:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-25 13:19 . 2010-05-25 13:19 503808 ----a-w- c:\documents and settings\kiki\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7ee0fc41-n\msvcp71.dll
2010-05-25 13:19 . 2010-05-25 13:19 348160 ----a-w- c:\documents and settings\kiki\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7ee0fc41-n\msvcr71.dll
2010-05-25 13:19 . 2010-05-25 13:19 499712 ----a-w- c:\documents and settings\kiki\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7ee0fc41-n\jmc.dll
2010-05-17 06:30 . 2010-05-17 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:44 . 2009-12-15 17:26 -------- d-----w- c:\program files\Clic d'Api N°18
2010-05-17 06:42 . 2006-09-26 12:57 -------- d-----w- c:\program files\Alwil Software
2010-05-11 16:42 . 2010-04-25 12:51 -------- d-----w- c:\program files\Micro Application
2010-05-08 17:34 . 2010-04-05 14:29 -------- d-----w- c:\documents and settings\kiki\Application Data\vlc
2010-05-06 20:59 . 2006-09-26 12:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2006-09-26 12:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2006-09-26 12:58 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-06 13:05 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2006-09-26 12:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2006-09-26 12:58 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2006-09-26 12:58 94800 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-06 13:05 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2006-09-26 12:58 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-25 14:13 . 2010-04-25 14:13 28672 ----a-r- c:\documents and settings\kiki\Application Data\Microsoft\Installer\{F85C4511-69DD-4B55-AEB1-31FF10BFFA01}\_85032BF64EB4_4BDC_B8A7_AA28DD66519A.exe
2010-04-25 14:13 . 2010-04-25 14:11 -------- d-----w- c:\program files\SDLL
2010-04-25 14:12 . 2010-04-25 14:12 32768 ----a-r- c:\documents and settings\kiki\Application Data\Microsoft\Installer\{FAD1DFD3-FFB7-4CCF-9DB5-01E42B2BCE34}\_8C0F54FF9E0C_48D9_83FF_4B48BB80A170.exe
2010-04-25 14:12 . 2010-04-25 14:12 32768 ----a-r- c:\documents and settings\kiki\Application Data\Microsoft\Installer\{59BC65DB-8E21-47A3-A11D-1351FD9945FE}\_D688A9422DE2_40FC_B67D_6DE7AC81492F.exe
2010-04-25 12:51 . 2005-12-07 05:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 09:14 . 2010-04-19 09:14 -------- d-----w- c:\documents and settings\kiki\Application Data\ArcSoft
2010-04-12 11:53 . 2010-04-05 14:19 -------- d-----w- c:\documents and settings\kiki\Application Data\dvdcss
2010-04-08 14:26 . 2007-02-26 20:03 -------- d-----w- c:\program files\Microsoft Games
2010-03-28 16:11 . 2005-12-07 05:00 85396 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 16:11 . 2005-12-07 05:00 511874 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 06:16 . 2004-08-05 05:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"VTTrayp"="VTtrayp.exe" [2005-05-13 143360]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\kiki\Menu D'marrer\Programmes\D'marrage\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-1-22 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-1-22 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-1-22 94208]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless 802.11g USB Adapter.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless 802.11g USB Adapter.lnk
backup=c:\windows\pss\Wireless 802.11g USB Adapter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^kiki^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=c:\documents and settings\kiki\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
2005-09-29 14:07 114688 ----a-w- c:\program files\Acer\Acer eMode Management\AspireService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 17:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-05-13 12:57 53248 ----a-w- c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"SSDPSRV"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2008 15:05 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2008 15:05 19024]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [08/09/2008 16:42 6369]
.
Contenu du dossier 'Tâches planifiées'
2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-06-04 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-01 18:04]
2006-11-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-11-04 10:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinUsr - c:\program files\Winsudate\gibusr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 14:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1332)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\VTtrayp.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Heure de fin: 2010-06-05 14:10:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-05 12:10
Avant-CF: 56 440 631 296 octets libres
Après-CF: 56 436 703 232 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - 1AC6AAA8619909176D5A06076717A805