Problem with the "windows.exe" process
mysterious
Hello, my problem is that I find a new process named "windows.exe", and when I end it, it shows up again. I looked for its path and found it here:
C:\WINDOWS\system32\microsoft\windows.exe
When I delete it (the file) after ending the "windows.exe" process, it recreates itself on its own.
Here is my report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:52, on 24/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Haut Débit Mobile\UIMain.exe
C:\Program Files\Internet Haut Débit Mobile\CMUpdater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\system32\microsoft\windows.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Mes documents\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2207610
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [autodetect] C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HKLM] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe" -minimize
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HKCU] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED81998-C109-4207-B2FE-4B9EA46D7C29}: NameServer = 212.217.0.1 212.217.0.12
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
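The O4 lines of the log above are the part worth reading: the same binary, C:\windows\system32\microsoft\windows.exe, is registered four times, under HKLM\..\Run, HKCU\..\Run and both Policies\Explorer\Run keys, with value names (HKLM, HKCU, Policies) that are just the names of the keys they sit in. Every logon therefore relaunches it, which is why ending the process does not help. The Python script below is an added example, not part of the original post or of HijackThis: it parses O4 lines and flags executables that show that pattern. The sample lines are a constructed subset copied from the log above, and the three heuristics (machine-wide plus per-user registration, use of Policies\Explorer\Run, generic value names) are the editor's own assumptions, not rules from the tool.

```python
import re
from collections import defaultdict

# One HijackThis "O4" autostart line, e.g.
#   O4 - HKLM\..\Run: [HKLM] C:\windows\system32\microsoft\windows.exe
#   O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Assumption: value names that carry no product information. The entries in the
# log above are literally named after the hive or key they sit in.
GENERIC_NAMES = {"hklm", "hkcu", "hkus", "policies", "run", "windows", "microsoft"}


def exe_path(cmd):
    """Extract the executable from a Run value's command line.

    Quoted paths end at the closing quote; unquoted paths (which may contain
    spaces, as in C:\\Program Files\\...\\AutoDect.exe) end at the first '.exe'.
    Anything else (e.g. 'regsvr32 /s ...') falls back to the first token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_o4(lines):
    """Return one dict per O4 line; lines from other sections are ignored."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "key": m.group("key"),
                "name": m.group("name"),
                "cmd": m.group("cmd"),
                "path": exe_path(m.group("cmd")).lower(),
            })
    return entries


def scope(key):
    """'machine' for HKLM keys, 'user' for HKCU and HKUS keys."""
    return "machine" if key.upper().startswith("HKLM") else "user"


def suspicious_autostarts(lines):
    """Group O4 entries by executable and return {path: [reasons]} for the
    ones matching the persistence pattern seen in the log above."""
    by_path = defaultdict(list)
    for e in parse_o4(lines):
        by_path[e["path"]].append(e)

    findings = {}
    for path, group in by_path.items():
        reasons = []
        if {scope(e["key"]) for e in group} == {"machine", "user"}:
            reasons.append("registered in both HKLM and per-user Run keys")
        if any("policies\\explorer\\run" in e["key"].lower() for e in group):
            reasons.append("uses Policies\\Explorer\\Run, which installers almost never touch")
        if any(e["name"].lower() in GENERIC_NAMES for e in group):
            reasons.append("generic value name: " + ", ".join(sorted({e["name"] for e in group})))
        if reasons:
            findings[path] = reasons
    return findings


# Constructed sample: a subset of the O4 lines from the HijackThis log above,
# plus one O2 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [autodetect] C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HKLM] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [HKCU] C:\windows\system32\microsoft\windows.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

if __name__ == "__main__":
    for path, reasons in suspicious_autostarts(SAMPLE_LOG.splitlines()).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only windows.exe is reported; ctfmon.exe, which is also registered several times, is not, because all of its entries are per-user Run keys and its value name identifies the product. The same parser can be pointed at a full saved HijackThis log by passing the file's lines instead of SAMPLE_LOG.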
3 replies
Good evening
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: https://forospyware.com
> Rename it to asdehi when saving it to your desktop (simply so that the infection does not block it)
-> Double-click combofix.exe (or, under Vista, right-click "Run as...")
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the Internet and close the windows of all running programs.
-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and anti-spyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop (or, under Vista, right-click "Run as...")
- Answer yes to the warning message so that the program starts analysing the PC.
- Install the Recovery Console when asked; it is useful in case of a crash.
- Warning: for the duration of this step, do not use the PC and do not open any program. Risk of freezing the computer.
- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Re-enable the real-time protection of your antivirus and anti-spyware programs before reconnecting to the Internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
/!\ Do not touch anything until the scan is finished. /!\ : risk of freezing the computer (complete crash)
:: If ComboFix detects something and asks to restart, accept.
@+
The scan is done and here is the full report:
ComboFix 10-09-24.03 - Admin 24/09/2010 21:07:33.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.296 [GMT 0:00]
Launched from: c:\documents and settings\Admin\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\BITS
c:\documents and settings\Admin\Application Data\BITS\BITS.ini
c:\documents and settings\Admin\Application Data\BITS\DHTTable.dat
c:\documents and settings\Admin\Application Data\BITS\ProxyList.ini
c:\documents and settings\Admin\Application Data\BITS\UPnP.ini
c:\documents and settings\Admin\Application Data\FlashGetBHO
c:\documents and settings\Admin\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\Admin\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\Admin\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\Admin\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\Admin\Application Data\logs.dat
c:\documents and settings\Admin\Application Data\PriceGong
c:\documents and settings\Admin\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Admin\Application Data\PriceGong\Data\z.xml
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_10773.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_123.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_32-100Q61326240-L.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_43886.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_569666.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_581b29.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_58967.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5ff3a.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_8975558.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_js.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KuaiChe107-73.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WeiBiaoTi-3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1284979695.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie-game.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft-0.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\windows\system32\Microsoft\windows.exe
c:\windows\system32\msssc.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
.
((((((((((((((((((((((((((((( Files created from 2010-08-24 to 2010-09-24 ))))))))))))))))))))))))))))))))))))
.
2010-09-24 18:13 . 2010-09-24 18:20 -------- d-----w- C:\SRN Micro
2010-09-24 15:49 . 2010-09-24 15:49 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2010-09-24 12:02 . 2010-09-24 12:02 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-09-21 11:05 . 2008-04-13 17:34 70656 -c--a-w- c:\windows\system32\dllcache\notepad.exe
2010-09-21 11:05 . 2008-04-13 17:34 70656 ----a-w- c:\windows\system32\notepad.exe
2010-09-21 11:04 . 2010-09-21 11:08 -------- d-----w- c:\windows\system_backup
2010-09-21 00:38 . 2010-09-21 00:38 -------- d-----w- c:\program files\SpeedyFox
2010-09-21 00:37 . 2010-09-17 05:04 330240 ----a-w- c:\windows\tlobarjeux.exe
2010-09-21 00:37 . 2009-09-04 05:17 1551453 ----a-w- c:\windows\speedyfox.exe
2010-09-20 21:06 . 2003-06-19 01:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-09-20 21:06 . 2003-06-19 01:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-09-20 21:05 . 2010-09-20 21:05 -------- d-----w- c:\program files\Microsoft.NET
2010-09-20 21:04 . 2010-09-20 21:05 -------- d-----w- c:\windows\SHELLNEW
2010-09-20 20:42 . 2010-09-20 20:42 -------- d-----r- C:\MSOCache
2010-09-20 12:43 . 2010-09-24 19:24 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-09-20 12:39 . 2010-09-20 12:39 -------- d-----w- c:\program files\VideoLAN
2010-09-18 11:35 . 2010-09-18 11:35 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
2010-09-18 00:29 . 2010-09-18 00:29 -------- d-----w- c:\windows\Applian FLV Player
2010-09-18 00:29 . 2010-09-18 00:29 -------- d-----w- c:\program files\FLV Player
2010-09-18 00:12 . 2010-09-18 00:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Media Player Classic
2010-09-17 22:22 . 2010-09-23 10:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2010-09-17 22:22 . 2010-09-17 22:49 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2010-09-16 23:49 . 2010-09-16 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2010-09-16 23:48 . 2010-09-16 23:48 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-09-16 22:23 . 2010-09-16 22:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Foxit Software
2010-09-16 20:44 . 2010-09-17 22:25 -------- d-----w- c:\program files\MSN Messenger
2010-09-16 11:19 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-16 11:19 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-09-16 01:24 . 2010-04-28 18:13 2192000 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-16 01:24 . 2010-04-28 05:43 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-16 01:24 . 2010-04-28 05:43 2068864 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-16 01:24 . 2010-04-28 05:43 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-15 21:26 . 2010-09-15 21:26 198064 ----a-w- c:\documents and settings\Admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-09-15 21:26 . 2010-09-24 21:02 -------- d-----w- c:\documents and settings\Admin\Application Data\DMCache
2010-09-15 21:26 . 2010-09-22 20:17 -------- d-----w- c:\documents and settings\Admin\Application Data\IDM
2010-09-15 21:26 . 2010-09-18 00:42 -------- d-----w- c:\program files\Internet Download Manager
2010-09-15 21:22 . 2010-09-15 21:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-09-15 21:07 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-15 15:55 . 2010-09-15 15:55 -------- d-----w- c:\program files\Conduit
2010-09-15 15:52 . 2010-09-15 15:52 -------- d-----w- c:\program files\FreeTime
2010-09-15 15:47 . 2010-09-15 15:47 -------- d-----w- c:\program files\Fichiers communs\xing shared
2010-09-15 15:47 . 2010-09-15 15:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-15 15:47 . 2010-09-15 15:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-15 15:47 . 2010-09-15 15:47 -------- d-----w- c:\program files\Fichiers communs\Real
2010-09-15 15:46 . 2010-09-15 15:47 -------- d-----w- c:\program files\Real
2010-09-15 15:38 . 2010-09-15 15:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
2010-09-15 15:16 . 2000-06-26 11:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-15 15:16 . 2004-07-20 17:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-15 15:16 . 2004-07-09 09:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2010-09-15 15:16 . 2004-07-20 17:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-15 15:16 . 2004-07-20 17:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-15 15:16 . 2004-07-20 17:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-15 15:16 . 2001-06-26 08:15 38912 ------w- c:\windows\system32\picn20.dll
2010-09-15 15:14 . 2010-09-15 15:15 -------- d-----w- c:\program files\Fichiers communs\Ahead
2010-09-15 15:14 . 2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-15 15:14 . 2010-09-15 15:16 -------- d-----w- c:\program files\Ahead
2010-09-15 14:32 . 2010-09-15 14:32 -------- d-----w- c:\program files\ESET
2010-09-15 14:32 . 2010-09-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-09-15 14:06 . 2010-09-15 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-09-15 14:02 . 2008-04-13 17:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-15 13:58 . 2009-04-09 15:03 57407 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4yr10222.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2010-09-15 13:58 . 2010-09-19 00:35 -------- d-----w- C:\Downloads
2010-09-15 13:58 . 2010-09-15 13:58 -------- d-----w- c:\documents and settings\Admin\Application Data\FlashGet
2010-09-15 06:22 . 2010-09-15 01:48 58952 ----a-w- c:\windows\system32\MsgPlusLoader.dll
2010-09-15 06:17 . 2008-07-09 07:40 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-09-15 01:55 . 2008-04-13 11:39 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2010-09-15 01:48 . 2010-09-15 01:48 -------- d-----w- c:\program files\MessengerPlus! 3
2010-09-15 01:46 . 2010-09-15 01:46 -------- d-----w- c:\documents and settings\Admin\Application Data\Foxit
2010-09-15 01:46 . 2010-09-15 01:46 -------- d-----w- c:\program files\Foxit Software
2010-09-15 01:27 . 2010-09-15 01:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-15 01:27 . 2010-09-15 01:27 -------- d-----w- c:\program files\Intel
2010-09-15 01:27 . 2010-09-15 01:27 -------- d-----w- C:\Intel
2010-09-15 01:08 . 2010-09-15 01:08 0 ----a-w- c:\windows\nsreg.dat
2010-09-15 01:08 . 2010-09-15 01:08 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2010-09-15 01:06 . 2010-09-15 01:54 19078656 ----a-w- c:\documents and settings\All Users\Application Data\Fujitsu\DeskUpdate\download\files\1000161_analog_devices_5_12_01_3621.exe
2010-09-15 01:05 . 2010-09-15 01:06 628224 ----a-w- c:\documents and settings\All Users\Application Data\Fujitsu\DeskUpdate\download\files\1006888_intel_9_4_21.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 21:02 . 2010-09-15 00:49 -------- d-----w- c:\program files\Internet Haut Débit Mobile
2010-09-22 23:18 . 2010-09-15 00:55 42168 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 13:58 . 2001-08-28 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-17 13:58 . 2001-08-28 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-16 23:56 . 2010-09-16 23:56 132018 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat
2010-09-16 23:56 . 2010-09-15 00:40 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-15 01:55 . 2010-09-15 01:55 -------- d-----w- c:\program files\Analog Devices
2010-09-15 01:55 . 2010-09-15 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 01:55 . 2010-09-15 01:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-09-15 01:37 . 2010-09-15 00:57 6027264 ----a-w- c:\documents and settings\All Users\Application Data\Fujitsu\DeskUpdate\download\files\1001224_intel_14_7_0_3889.exe
2010-09-15 00:57 . 2010-09-15 00:54 2702848 ----a-w- c:\documents and settings\All Users\Application Data\Fujitsu\DeskUpdate\download\files\1014670_intel_8_3_0_1014.exe
2010-09-15 00:57 . 2010-09-15 00:57 -------- d-----w- c:\program files\SuperCopier2
2010-09-15 00:57 . 2010-09-15 00:57 15256 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-09-15 00:52 . 2010-09-15 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Fujitsu
2010-09-15 00:41 . 2010-09-15 00:41 -------- d-----w- c:\program files\microsoft frontpage
2010-09-15 00:39 . 2010-09-15 00:39 -------- d-----w- c:\program files\Services en ligne
2010-09-15 00:37 . 2010-09-15 00:37 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-15 00:36 . 2010-09-15 00:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-17 13:17 . 2008-04-13 17:34 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2008-04-13 17:33 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 07:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 2008-04-13 17:33 149504 ----a-w- c:\windows\system32\schannel.dll
.
------- Sigcheck -------
[-] 2009-01-16 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2010-09-17 7081984]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-23 3134896]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autodetect"="c:\program files\Internet Haut Débit Mobile\AutoDect.exe" [2010-03-02 129360]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2010-09-15 190024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-09-15 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\SRN Micro\\SOLOCFG.EXE"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28/04/2010 08:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/06/2010 09:27 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/06/2010 09:27 810144]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 00:50 9216]
.
Contenu du dossier 'Tâches planifiées'
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-651377827-1417001333-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 22:22]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-651377827-1417001333-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 22:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2207610
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4yr10222.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic France FF Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ma/
FF - component: c:\documents and settings\Admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4yr10222.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
ActiveSetup-{GF4X7745-WQW6-GR05-83C3-J2A4J26U82BY} - c:\windows\system32\microsoft\windows.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 21:11
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\MsgPlusLoader.dll
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\MsgPlusLoader.dll
c:\windows\system32\idmmbc.dll
.
Heure de fin: 2010-09-24 21:13:08
ComboFix-quarantined-files.txt 2010-09-24 21:13
Avant-CF: 26 093 187 072 octets libres
Après-CF: 26 060 509 184 octets libres
- - End Of File - - AB957A988D6064AA273B07EEF547E5EF
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
ActiveSetup-{GF4X7745-WQW6-GR05-83C3-J2A4J26U82BY} - c:\windows\system32\microsoft\windows.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 21:11
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\MsgPlusLoader.dll
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\MsgPlusLoader.dll
c:\windows\system32\idmmbc.dll
.
Heure de fin: 2010-09-24 21:13:08
ComboFix-quarantined-files.txt 2010-09-24 21:13
Avant-CF: 26 093 187 072 octets libres
Après-CF: 26 060 509 184 octets libres
- - End Of File - - AB957A988D6064AA273B07EEF547E5EF