Sujet Précédent Sujet Suivant

Probleme siszpe32

symbioz -
Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention - 3 juil. 2010 à 01:19

Bonjour,

j ai apparemment le même probleme sur mon pc. svchost.exe prend 99% de l uc et siszpe32.exe est present au startup. Je n'ai pas reussi a le trouver. Faut il que je telecharge combofix ? qqn peut m'aider?

Afficher la suite

4 réponses

Réponse 1 / 4

Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 24 693

Salut,

Désactive les logiciels de protection (Antivirus, Antispywares) puis :

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

Eventuellement, installe la console de récupération comme cela est conseillé

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Si le rapport ne passe pas, envoie le sur ce site : http://www.cijoint.fr/
et donne le lien ici :)

Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

symbioz

ComboFix 10-06-25.04 - Longuet 26/06/2010 15:36:05.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.654 [GMT 2:00]
Lancé depuis: d:\documents and settings\Longuet\Mes documents\gui\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files\pdfforge Toolbar\SeARchsettings.dll
C:\Thumbs.db
c:\windows\system32\logs
c:\windows\system32\logs\{77278A0D-2054-49BE-9EF8-595726FC8D93}.log
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-26 au 2010-06-26 ))))))))))))))))))))))))))))))))))))
.

2010-06-26 11:45 . 2010-06-26 11:45 -------- d-----w- d:\documents and settings\Longuet\Application Data\Malwarebytes
2010-06-26 11:44 . 2010-06-26 11:44 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-26 11:44 . 2010-06-26 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 21:26 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-25 21:26 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-25 21:26 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-25 21:26 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-06-25 19:02 . 2007-04-12 12:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-06-25 19:02 . 2006-09-26 11:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-06-25 19:02 . 2010-06-25 19:03 -------- d-----w- c:\program files\Ultra MKV Converter
2010-06-10 15:44 . 2010-06-10 15:44 139536 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-10 04:23 . 2010-05-06 10:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-06 03:40 . 2010-06-06 03:40 -------- d-----w- c:\program files\Netlor Studio
2010-06-05 12:47 . 2010-06-05 12:47 -------- d-----w- c:\windows\Downloaded Installations
2010-06-05 08:42 . 2010-06-05 08:43 -------- d-----w- d:\documents and settings\Longuet\Application Data\Notepad++

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 13:42 . 2010-03-24 05:50 -------- d-----w- c:\program files\pdfforge Toolbar
2010-06-26 03:38 . 2008-01-25 11:52 -------- d-----w- d:\documents and settings\Longuet\Application Data\U3
2010-06-25 21:24 . 2010-06-25 21:24 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat
2010-06-23 21:20 . 2004-08-16 16:41 94874 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-23 21:20 . 2004-08-16 16:41 536346 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-19 12:57 . 2006-04-24 08:35 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2010-06-19 03:36 . 2006-04-13 16:39 -------- d-----w- d:\documents and settings\Longuet\Application Data\Canon
2010-06-13 14:12 . 2006-10-17 16:23 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2010-06-10 15:36 . 2010-04-02 19:23 -------- d-----w- c:\program files\MSECache
2010-06-08 07:51 . 2006-04-05 17:25 135648 ----a-w- d:\documents and settings\Longuet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 06:06 . 2009-04-04 10:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 12:49 . 2010-04-02 19:21 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-25 11:24 . 2007-01-30 13:21 -------- d-----w- c:\program files\Google
2010-05-22 11:17 . 2010-04-02 18:22 -------- d-----w- d:\documents and settings\Longuet\Application Data\IM
2010-05-21 18:27 . 2007-08-12 17:21 -------- d-----w- c:\program files\mIRC
2010-05-06 20:59 . 2007-11-09 22:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2007-11-09 22:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-04 09:54 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2007-11-09 22:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2007-11-09 22:34 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2007-11-09 22:34 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-04 09:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2007-11-09 22:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:33 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2004-08-16 16:41 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 16:50 . 2010-04-27 16:50 -------- d-----w- c:\program files\Lame for Audacity
2010-04-20 05:30 . 2004-08-16 16:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2007-11-09 22:34 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-09-26 11:58 . 2008-09-26 11:58 110 -c--a-w- c:\program files\lc.txt
2006-11-20 07:04 . 2006-11-19 18:59 199147608 -c--a-w- c:\program files\Nero-7.5.7.0_fra.exe.part
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

symbioz

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-07-10 09:36 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPrinting"= 0 (0x0)
"NoOpeninNewWnd"= 0 (0x0)
"NoBrowserBars"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoChannelUI"= 0 (0x0)
"No_LaunchMediaBar"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Longuet^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=d:\documents and settings\Longuet\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Longuet^Menu Démarrer^Programmes^Démarrage^siszpe32.exe]
path=d:\documents and settings\Longuet\Menu Démarrer\Programmes\Démarrage\siszpe32.exe
backup=c:\windows\pss\siszpe32.exeStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Longuet^Menu Démarrer^Programmes^Démarrage^VirtualExpander.lnk]
path=d:\documents and settings\Longuet\Menu Démarrer\Programmes\Démarrage\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2003-05-02 09:31 24576 -c--a-w- c:\apps\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 13:00 208952 -c--a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

symbioz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-07-12 13:14 311350 -c--a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-04 02:01 28739 -c--a-w- c:\program files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
2004-07-22 19:53 86016 -c--a-w- c:\program files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 12:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 12:33 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 12:33 1630208 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 07:30 729088 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 09:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 12:48 127118 -c--a-w- c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-03 16:21 98304 -c--a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-08 00:36 974848 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
2009-03-19 17:30 7308584 ----a-w- c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-10-24 12:45 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 17:37 1238352 ----a-w- d:\jeux\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-05 09:25 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-27 00:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-03 16:26 180269 -c--a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 10:43 90112 -c--a-w- c:\program files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-07-12 11:59 24576 -c--a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"SeaPort"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CoordinatorServiceHost"=3 (0x3)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Application Updater"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ose"=3 (0x3)
"GenericHidService"=2 (0x2)
"fsproflt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\jeux\\steam\\SteamApps\\longuet\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\jeux\\BF2142.exe"=

symbioz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:xxx
"4662:TCP"= 4662:TCP:mule
"4672:UDP"= 4672:UDP:mule
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard download

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [05/06/2006 13:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [05/06/2006 13:20 5248]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [11/04/2009 13:05 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/04/2008 11:54 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 11:54 19024]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [16/08/2004 18:41 12800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 04:32 133104]
S3 asbp2poa;asbp2poa;\??\d:\docume~1\Longuet\LOCALS~1\Temp\asbp2poa.sys --> d:\docume~1\Longuet\LOCALS~1\Temp\asbp2poa.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;"c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" --> c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [?]
S4 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [11/04/2009 13:05 73344]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/10/2006 10:33 611064]
.
Contenu du dossier 'Tâches planifiées'

2006-07-24 c:\windows\Tasks\Calendrier Microsoft Works.job
- c:\progra~1\FICHIE~1\MICROS~1\WORKSS~1\WksCal.exe [2000-08-04 02:00]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:32]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:32]

2006-07-24 c:\windows\Tasks\Lecteur Windows Media.job
- c:\progra~1\WINDOW~2\wmplayer.exe [2004-08-16 07:59]

2006-04-05 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 02:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.aliceadsl.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.aliceadsl.fr
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {E5173802-E6E4-426A-A97B-67751BCA7FD6} = 192.168.1.1
FF - ProfilePath - d:\documents and settings\Longuet\Application Data\Mozilla\Firefox\Profiles\85am93xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: d:\documents and settings\Longuet\Application Data\Mozilla\Firefox\Profiles\85am93xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: capability.policy.policynames - TrustInCheckloadURI
FF - user.js: capability.policy.TrustInCheckloadURI.sites -
FF - user.js: capability.policy.TrustInCheckloadURI.checkloaduri.enabled - allAccessc:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

symbioz

- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
HKCU-RunOnce-FFTI - d:\documents and settings\Longuet\Application Data\Mozilla\Firefox\Profiles\85am93xx.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
MSConfigStartUp-Dot1XCfg - c:\program files\Dot1XCfg\Dot1XCfg.exe
MSConfigStartUp-Flash Player2 - d:\docume~1\Longuet\LOCALS~1\Temp\services.exe
MSConfigStartUp-mylbx - f:\pas toucher\My Lockbox\mylbx.exe
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
MSConfigStartUp-runner1 - c:\windows\mrofinu1148.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6020\SiteAdv.exe
MSConfigStartUp-svchosts - svchosts.exe
MSConfigStartUp-Vade Retro Outlook Express - c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
AddRemove-Audacity_is1 - d:\documents and settings\Longuet\Bureau\vivien\Audacity\unins000.exe
AddRemove-My Lockbox_is1 - f:\pas toucher\My Lockbox\unins000.exe
AddRemove-Notepad++ - f:\vivien\Notepad++\uninstall.exe
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 15:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867ADB58]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf759bf28
\Driver\ACPI -> ACPI.sys @ 0xf7374cb8
\Driver\atapi -> 0x867adb58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|ÿÿÿÿ¤*€|ù*9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.EXE'(1780)
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-06-26 15:51:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-26 13:50

Avant-CF: 1 485 729 792 octets libres
Après-CF: 1 492 439 040 octets libres

- - End Of File - - C051CF6EB4525152765A2058EFE7264D

Réponse 2 / 4

Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 24 693

Tu as (ou des restes de l'adware) SearchSettings/

Désinstalle :
SearchSettings et pdfforge Toolbar (la source).

DESACTIVE LA PROTECTION ANTIVIR DURANT LA PROCEDURE

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

file::
d:\documents and settings\Longuet\Menu Démarrer\Programmes\Démarrage\siszpe32.exe
Registry::
[-HKLM\~\startupfolder\D:^Documents and Settings^Longuet^Menu Démarrer^Programmes^Démarrage^siszpe32.exe]

Enregistre ce fichier sous le nom CFScript

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

[*]Combofix se lance, laisse toi guider..

[*]Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
[*]Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur http://www.cijoint.fr/ et donne le lien ici dans un nouveau message.

Réponse 3 / 4

symbioz

voila le lien, merci encore

http://www.cijoint.fr/cjlink.php?file=cj201006/cij1uEI1ZT.txt

symbioz

mon ordi continue a ramer... mon imprimante ne marche plus, les programmes de démarrages se relancent tous, sans compter les 10min a patienter aprés le demarrage avant de pouvoir lancer la moindre application

Réponse 4 / 4

Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 24 693

hummm.

Tu peux désinstaller Avast! et mettre Antivir : https://www.malekal.com/avira-free-security-antivirus-gratuit/

et tu fais un scan rootkit avec et tu mets le rapport sur cijoint.fr

Probleme siszpe32

4 réponses

Votre réponse

Newsletters