ComboFix Report
Solved/Closed
Spoks
-
Mstr Posts 9973 Registration date Status Security contributor Last activity -
Hello,
Here is my ComboFix report
ComboFix 10-10-07.02 - Hasoupix 08/10/2010 14:05:29.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.503.254 [GMT 0:00]
Lancé depuis: c:\documents and settings\Hasoupix\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hasoupix\Mes documents\Maison Lamy
c:\documents and settings\Hasoupix\Mes documents\Maison Lamy \Thumbs.db
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-08 au 2010-10-08 ))))))))))))))))))))))))))))))))))))
.
2010-10-05 13:58 . 2010-10-05 13:59 -------- d-----w- c:\program files\mp3DirectCut
2010-09-22 12:01 . 2010-09-22 12:01 165296 ----a-w- c:\documents and settings\Hasoupix\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2010-09-22 12:00 . 2010-09-22 12:02 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\IDM
2010-09-22 12:00 . 2010-10-03 21:45 -------- d-----w- c:\program files\Internet Download Manager
2010-09-13 16:11 . 2010-09-13 16:11 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-09-13 16:11 . 2008-11-21 13:28 94848 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2010-09-13 16:11 . 2008-11-21 13:28 87296 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-09-13 16:11 . 2008-11-21 13:28 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-09-13 16:11 . 2008-11-21 13:28 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-09-13 16:11 . 2008-11-21 13:28 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-09-13 16:11 . 2008-11-21 13:28 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-09-13 16:11 . 2008-11-21 13:28 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-09-13 16:11 . 2008-11-21 13:28 115968 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-09-13 01:59 . 2010-09-16 01:59 -------- d-----w- c:\program files\SpacialAudio
2010-09-13 01:59 . 2004-12-13 01:05 356437 ----a-w- c:\windows\system32\GDS32.DLL
2010-09-13 01:59 . 2010-09-13 01:59 -------- d-----w- c:\program files\Firebird
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 14:13 . 2010-05-09 10:46 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\DMCache
2010-10-07 11:59 . 2010-05-09 19:25 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\Media Player Classic
2010-10-07 03:48 . 2010-05-09 15:11 -------- d-----w- c:\program files\Mirc-MSN
2010-10-07 03:46 . 2010-02-07 20:40 -------- d-----w- c:\program files\mIRC&PnP
2010-10-03 19:40 . 2009-11-23 19:45 -------- d-----w- c:\program files\Modem Samsung SCH-U209
2010-10-03 19:21 . 2010-06-13 15:22 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\Skype
2010-10-03 17:15 . 2010-05-21 00:12 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\skypePM
2010-09-18 23:59 . 2010-05-28 15:46 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\TeamViewer
2010-09-13 16:11 . 2009-05-22 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 17:56 . 2010-09-07 03:09 -------- d-----w- c:\program files\The Cleaner
2010-09-07 03:09 . 2010-09-07 03:09 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\thecleaner
2010-09-04 03:28 . 2010-09-04 03:28 -------- d-----w- c:\program files\Analog Devices
2010-09-04 03:28 . 2009-07-18 16:39 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-09-04 03:11 . 2010-09-04 03:10 -------- d-----w- c:\program files\USB Disk Security
2010-09-02 17:06 . 2010-09-02 17:01 -------- d-----w- c:\program files\AutorunRemover
2010-08-20 11:39 . 2001-08-24 11:00 71248 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-20 11:39 . 2001-08-24 11:00 458230 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-18 06:11 . 2010-04-02 18:46 -------- d-----w- c:\program files\Java
2010-08-17 16:01 . 2010-08-17 16:01 -------- d-----w- c:\documents and settings\Hasoupix\Application Data\Ufasoft
2010-08-10 12:26 . 2010-08-10 12:26 503808 ----a-w- c:\documents and settings\Hasoupix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4747064e-n\msvcp71.dll
2010-08-10 12:26 . 2010-08-10 12:26 499712 ----a-w- c:\documents and settings\Hasoupix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4747064e-n\jmc.dll
2010-08-10 12:26 . 2010-08-10 12:26 348160 ----a-w- c:\documents and settings\Hasoupix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4747064e-n\msvcr71.dll
2010-08-10 12:26 . 2010-08-10 12:26 61440 ----a-w- c:\documents and settings\Hasoupix\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7e7de10f-n\decora-sse.dll
2010-08-10 12:26 . 2010-08-10 12:26 12800 ----a-w- c:\documents and settings\Hasoupix\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7e7de10f-n\decora-d3d.dll
2010-07-17 04:00 . 2010-07-01 14:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2004-08-03 22:54 . 2010-05-29 00:29 60416 --sha-w- c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
.
------- Sigcheck -------
[7] 2004-08-03 . 46990969761352F53B2310D266E2F1DF . 112640 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-03 . A7649452FC447A8C744C64627C936B62 . 117248 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-03 . A7649452FC447A8C744C64627C936B62 . 117248 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-03 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 . 34775204500EADE94A3E81CF4B9D1C3D . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-03 . 34775204500EADE94A3E81CF4B9D1C3D . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-03 . 97668958194B82F5B88EABC88ACA5AE1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-08-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-03 . 3FE8D0C4C2F3B928192BD06DCEE34B32 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2004-08-03 . B2FF3DB5087EC13A0C6671DF9319B7F2 . 3332096 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . B2FF3DB5087EC13A0C6671DF9319B7F2 . 3332096 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-03 . 36F32A5A83DF734E022734D93860A9A4 . 2150400 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 . 089B4C3D3CB991D591B01B715EE52234 . 2311680 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[7] 2004-08-03 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 . AEC6EC6B75F22AB88998E7690B8E32A4 . 578048 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-03 . AEC6EC6B75F22AB88998E7690B8E32A4 . 578048 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
[7] 2004-08-03 . 58FE94EF42E074F4CAD8BF02E70E6478 . 660480 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2004-08-03 . CEB2320EB51D7458BDD447C0F5514613 . 770560 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . CEB2320EB51D7458BDD447C0F5514613 . 770560 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
[-] 2004-08-03 . 8916C8D6EDE1509C2E394C537258ADFC . 1543168 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-03 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 . 8916C8D6EDE1509C2E394C537258ADFC . 1543168 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-05 . D1110A51663318318C008C5836D243CE . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-03 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 . 3B6A6717B558A079316E41586201CF12 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 3B6A6717B558A079316E41586201CF12 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-03 . 35567C8C50986C2BC5C3EFD79CB045E4 . 2017280 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 . 0DE0141AB2C69C8F1D721782219AEF63 . 2178560 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-03 . 833E2B3F0E2484C0F2B804AE871B4381 . 93184 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2004-08-03 . A38694E81EE4A51B38B1F2D4F1312A0D . 102912 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810PNP"="c:\program files\Modem Samsung SCH-U209\SamsungPnPServiceManager.exe" [2009-02-13 176128]
"Z810SysStart"="c:\program files\Modem Samsung SCH-U209\sysctrlU.exe" [2009-02-11 311296]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-06-23 1699128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-28 3872080]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-22 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-06-18 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
2008-06-18 23:51 1257472 ----a-w- c:\program files\AutorunRemover\AutorunRemover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-09-22 12:00 2606512 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 08:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 08:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-28 14:26 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2009-08-16 19:36 955392 ----a-w- c:\program files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-18 23:57 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mirc-MSN\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/05/2010 16:56 135336]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 11:58 271728]
.
Contenu du dossier 'Tâches planifiées'
2010-10-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-725345543-2102191381-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-725345543-2102191381-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Hasoupix\Application Data\Mozilla\Firefox\Profiles\8nrkd6jm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ma/
FF - component: c:\documents and settings\Hasoupix\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-WgaLogon - (no file)
ActiveSetup-{14A8C5BB-0E2B-1711-10DB-17615B3DA513} - c:\windows\system32\watchurip\ip.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-776561741-725345543-2102191381-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD769A25-0845-DE80-F766-080E19683BF8}*]
"iabcmjiagmiplfpfba"=hex:6a,61,69,65,6d,69,69,6f,62,64,66,61,69,6b,62,65,63,67,
70,65,00,00
"halpdnkljegafifa"=hex:6a,61,63,64,67,6b,70,64,61,65,70,69,6d,6c,6a,6c,6f,63,
69,65,00,ff
"iafbfjhafnhbnccafc"=hex:63,61,67,64,66,69,00,7c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b3,5e,b0,f4,fe,43,ca,0f,e1,d6,ef,86,c1,10,c2,94,c5,cf,86,0d,6e,
d5,9f,d9,7f,3f,03,f4,84,91,c8,01,2d,1f,31,0c,8c,d1,b2,11,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82d4c43f-a966-4c87-83e8-10a9420a3b11}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f3
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3b,45,1e,79,25,8f,29,26,f2,32,11,34,a4,e7,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Heure de fin: 2010-10-08 14:16:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-08 14:16
ComboFix2.txt 2009-11-07 00:27
Avant-CF: 9 179 553 792 octets libres
Après-CF: 9 169 121 280 octets libres
- - End Of File - - 702BF7A96C4348C298FB1B00261DE0E5
Thanks
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-776561741-725345543-2102191381-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD769A25-0845-DE80-F766-080E19683BF8}*]
"iabcmjiagmiplfpfba"=hex:6a,61,69,65,6d,69,69,6f,62,64,66,61,69,6b,62,65,63,67,
70,65,00,00
"halpdnkljegafifa"=hex:6a,61,63,64,67,6b,70,64,61,65,70,69,6d,6c,6a,6c,6f,63,
69,65,00,ff
"iafbfjhafnhbnccafc"=hex:63,61,67,64,66,69,00,7c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b3,5e,b0,f4,fe,43,ca,0f,e1,d6,ef,86,c1,10,c2,94,c5,cf,86,0d,6e,
d5,9f,d9,7f,3f,03,f4,84,91,c8,01,2d,1f,31,0c,8c,d1,b2,11,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82d4c43f-a966-4c87-83e8-10a9420a3b11}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f3
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3b,45,1e,79,25,8f,29,26,f2,32,11,34,a4,e7,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Heure de fin: 2010-10-08 14:16:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-08 14:16
ComboFix2.txt 2009-11-07 00:27
Avant-CF: 9 179 553 792 octets libres
Après-CF: 9 169 121 280 octets libres
- - End Of File - - 702BF7A96C4348C298FB1B00261DE0E5
Thanks
10 replies
Listen, my friend, this is not a matter of performance!
We are all volunteers here and we have nothing to prove!
You can use those terms when you go to a computer shop to get your machine repaired, but not here!
If you think that with your "unofficial" version of Windows you can get help here or there, go right ahead.
On CCM, we will not help you; that is against the charter.
The least you could do is ask for help before even taking actions that are likely to mask the origin of an infection!!!
You have already started, ...
With that, good luck.
O.o°*??? Member, CCM Security Contributor o°.Oø¤º°'°º¤ø
Hello,
I am not here to give you lessons in morality, I couldn't give a f **** !!!
Politeness and courtesy are also part of the CCM charter!
Since you are taking that tone, you can manage on your own!!!
This, I know how to do, but I don't feel like it!!!
Good luck.
Hello,
ComboFix is not something to run lightly, though.
If you want someone to do a checkup of your PC, you should use ZHPDiag, for example.
But there is no need to be paranoid; what makes you think you might be infected?
Good evening, everyone,
It started ==>HERE<==
then no more news :o
O.o°*??? Member, CCM Security Contributor o°.Oø¤º°'°º¤ø
thanks