Bamital-AE explorer.exe

cedric92170
Hello,

Avast detects Bamital-AE in explorer.exe.

When I boot my PC, explorer.exe does not start. I only get the desktop. (I can access Task Manager.)
(I managed to get Explorer back by restarting my PC, for some reason I don't understand..)

- I ran a full Avast scan in normal mode and in Safe Mode. (The files are read-only, so they cannot be deleted or quarantined.)
- I ran the GMER quick scan.
- Full Malwarebytes scan (but I can't download the updates :/)
No virus detected.

I scanned the explorer.exe file on virustotal.com:

AhnLab-V3 2010.10.22.01 2010.10.22 -
AntiVir 7.10.13.27 2010.10.22 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 W32/Bamital.C
Avast 4.8.1351.0 2010.10.22 Win32:Bamital-AE
Avast5 5.0.594.0 2010.10.22 Win32:Bamital-AE
AVG 9.0.0.851 2010.10.22 -
BitDefender 7.2 2010.10.22 Trojan.Patched.GM
CAT-QuickHeal 11.00 2010.10.22 -
ClamAV 0.96.2.0-git 2010.10.22 Trojan.Patched-155
Comodo 6479 2010.10.22 -
DrWeb 5.0.2.03300 2010.10.22 -
Emsisoft 5.0.0.50 2010.10.22 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.10.21 -
eTrust-Vet 36.1.7928 2010.10.22 Win32/Bamital.AP
F-Prot 4.6.2.117 2010.10.22 W32/Bamital.C
F-Secure 9.0.16160.0 2010.10.22 Trojan.Patched.GM
Fortinet 4.2.249.0 2010.10.22 -
GData 21 2010.10.22 Trojan.Patched.GM
Ikarus T3.1.1.90.0 2010.10.22 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.10.22 -
K7AntiVirus 9.66.2813 2010.10.22 Virus
Kaspersky 7.0.0.125 2010.10.22 Trojan.Win32.Patched.kl
McAfee 5.400.0.1158 2010.10.22 W32/Bamital.a
McAfee-GW-Edition 2010.1C 2010.10.22 -
Microsoft 1.6301 2010.10.22 Virus:Win32/Bamital.F
NOD32 5555 2010.10.22 Win32/Bamital.EL
Norman 6.06.10 2010.10.22 W32/Patched.X
nProtect 2010-10-22.01 2010.10.22 Trojan.Patched.GM
Panda 10.0.2.7 2010.10.22 -
PCTools 7.0.3.5 2010.10.22 Trojan.Bamital
Prevx 3.0 2010.10.22 -
Rising 22.70.03.04 2010.10.22 -
Sophos 4.58.0 2010.10.22 Troj/Patched-O
Sunbelt 7118 2010.10.22 Virus.Win32.Bamital.c (v)
SUPERAntiSpyware 4.40.0.1006 2010.10.22 -
Symantec 20101.2.0.161 2010.10.22 Trojan.Bamital!inf
TheHacker 6.7.0.1.064 2010.10.21 -
TrendMicro 9.120.0.1004 2010.10.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.22 -
VBA32 3.12.14.1 2010.10.22 -
ViRobot 2010.9.25.4060 2010.10.22 Win32.Patched.AF.C
VirusBuster 12.69.13.0 2010.10.22 -

Please help me =( I'm starting to despair =(
Thanks in advance

2 replies

Anonymous user
Good evening

Download OTLPENet to the desktop.
Double-click it (or right-click under Vista or Seven) to launch the application.
You will be asked whether you want to burn...
Prepare a blank CD and launch OTLPENet; it will let you burn an ISO image.
Note: once the CD is burned, you now need to restart the machine from the CD-ROM drive.
To do so, follow this link: Boot from a CD
OTLPE tutorial

Boot from the OTLPENet ISO you burned.
* Once the Reatogo desktop has loaded, launch OTLPE, the yellow icon.

* Double-click the OTLPE icon.
* When asked "Do you wish to load the remote registry", select Yes.
* When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
* Make sure "Automatically Load All Remaining Users" is selected and press OK.
* Under the Custom Scan box:
1) Copy and paste the contents of the box below:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
disk.sys
ndis.sys
mountmgr.sys
aec.sys
rasacd.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
explorer.exe
winlogon.exe
wininit.exe
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Copy and paste this text into a text file (Notepad) that you save on a USB key; plug the key in under Reatogo and you will then be able to copy and paste it easily.

* 2) Click Run Scan to start the scan.
* Once finished, the file is at C:\OTL.txt.
* Copy and paste its contents in your next reply.

@+
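The /md5start ... /md5stop part of the custom scan above asks OTL to hash a list of system binaries so that a patched file such as explorer.exe stands out by its changed MD5. As an added example that is not part of the original post or of the OTL tool, the Python below parses such a block and compares each live file's MD5 with the pristine copy Windows XP keeps in dllcache, ServicePackFiles\i386 or $NtServicePackUninstall$ (the locations the ComboFix log later in the thread restores from); the %SystemRoot% tree it checks is constructed in a temporary directory, so it runs offline.

```python
import hashlib
import os
import tempfile

# Constructed OTL custom-scan fragment: a subset of the /md5start block above.
SAMPLE_SCRIPT = """/md5start
explorer.exe
winlogon.exe
cdrom.sys
atapi.sys
/md5stop
"""

# Where the live copy normally sits, relative to %SystemRoot%.
LIVE_DIRS = ["", "system32", os.path.join("system32", "drivers")]
# Pristine copies kept by Windows XP; ComboFix restored from these in the log.
BACKUP_DIRS = [os.path.join("system32", "dllcache"),
               os.path.join("ServicePackFiles", "i386"),
               "$NtServicePackUninstall$"]

def parse_md5_block(script_text):
    """Return the file names listed between /md5start and /md5stop."""
    names, inside = [], False
    for line in script_text.splitlines():
        token = line.strip()
        if token.lower() == "/md5start":
            inside = True
        elif token.lower() == "/md5stop":
            inside = False
        elif inside and token:
            names.append(token)
    return names

def md5_file(path):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_in(root, dirs, name):
    # First existing copy of `name` under root in any of `dirs`, else None.
    for sub in dirs:
        candidate = os.path.join(root, sub, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def check_integrity(systemroot, names):
    """Compare each live binary with its backup copy; return {name: verdict}."""
    verdicts = {}
    for name in names:
        live = find_in(systemroot, LIVE_DIRS, name)
        backup = find_in(systemroot, BACKUP_DIRS, name)
        if live is None and backup is None:
            verdicts[name] = "not-present"   # driver simply not installed
        elif live is None:
            verdicts[name] = "missing"       # like cdrom.sys in the log
        elif backup is None:
            verdicts[name] = "no-backup"     # nothing trustworthy to compare
        elif md5_file(live) == md5_file(backup):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "patched"       # like explorer.exe / winlogon.exe
    return verdicts

def build_demo_tree():
    """Constructed fake %SystemRoot% reproducing the situation in the log."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    def put(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    # explorer.exe: live copy differs from the service-pack copy (patched)
    put("explorer.exe", b"MZ-explorer-with-injected-code")
    put(os.path.join("$NtServicePackUninstall$", "explorer.exe"), b"MZ-explorer-clean")
    # winlogon.exe: live and ServicePackFiles copies identical (clean)
    put(os.path.join("system32", "winlogon.exe"), b"MZ-winlogon-clean")
    put(os.path.join("ServicePackFiles", "i386", "winlogon.exe"), b"MZ-winlogon-clean")
    # cdrom.sys: only the dllcache copy exists (live driver deleted)
    put(os.path.join("system32", "dllcache", "cdrom.sys"), b"MZ-cdrom-clean")
    # atapi.sys: present, but no backup copy to compare against
    put(os.path.join("system32", "drivers", "atapi.sys"), b"MZ-atapi")
    return root

def demo():
    """Run the check over the constructed tree; returns {name: verdict}."""
    return check_integrity(build_demo_tree(), parse_md5_block(SAMPLE_SCRIPT))
```

On a real machine the backup copies only help if they were not touched as well; the ComboFix log in this thread shows this is exactly how it judged explorer.exe, winlogon.exe and cdrom.sys.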
cedric92170
Hello Guillaume5188,

Thank you for your quick reply, but I ran a ComboFix scan in the meantime and I get the impression it disinfected my files.

Here is the ComboFix log; can you tell me whether I'm mistaken?

ComboFix 10-10-22.03 - CEDRIC 22/10/2010 20:59:16.1.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.2459 [GMT 2:00]
Lancé depuis: c:\documents and settings\CEDRIC\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports
c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\documents and settings\CEDRIC\Application Data\ShopperReports3
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\Config.xml
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs
c:\windows\system32\Cache

Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe

Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\$NtServicePackUninstall$\explorer.exe

c:\windows\system32\drivers\cdrom.sys était absent
Copie restaurée à partir de - c:\windows\system32\dllcache\cdrom.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-22 au 2010-10-22 ))))))))))))))))))))))))))))))))))))
.

2010-10-22 19:01 . 2008-04-13 09:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-10-22 16:51 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-10-22 16:50 . 2001-08-23 14:46 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-10-22 16:49 . 2001-08-23 14:15 54954 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-22 16:48 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-10-22 16:47 . 2001-08-23 14:47 92160 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2010-10-22 16:46 . 2001-08-17 19:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2010-10-22 16:45 . 2001-08-23 14:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-22 16:44 . 2001-08-23 14:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-22 10:13 . 2010-10-22 10:13 -------- d-----w- c:\documents and settings\Administrateur
2010-10-21 23:13 . 2009-08-06 17:24 16096 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-10-21 23:09 . 2010-10-21 23:09 -------- d--h--w- c:\windows\PIF
2010-10-18 17:49 . 2010-10-18 17:49 204080 ----a-w- c:\temp\vlc-1.1.4-win32.exe
2010-10-18 17:49 . 2010-10-18 17:49 -------- d-----w- C:\Temp
2010-10-16 19:41 . 2010-10-16 19:41 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\vShare
2010-10-14 18:27 . 2008-06-10 17:02 34296 ----a-w- c:\windows\system32\drivers\mbamcatchme.sys
2010-10-14 18:27 . 2008-06-10 17:02 15864 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 17:40 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 17:38 . 2010-10-14 17:38 -------- d-----w- c:\documents and settings\LocalService\Bureau
2010-10-14 17:23 . 2010-10-14 17:23 -------- d-----w- c:\documents and settings\CEDRIC\Local Settings\Application Data\Sunbelt Software
2010-10-14 17:22 . 2010-10-14 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-14 17:00 . 2010-10-14 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-13 18:34 . 2010-10-13 18:34 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\mojosoft
2010-10-12 19:25 . 2010-10-12 12:39 843576 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2010-10-12 19:25 . 2010-10-12 19:25 -------- d-----w- c:\program files\EslWire
2010-10-10 19:01 . 2010-10-15 20:46 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\Octoshape
2010-10-09 19:01 . 2010-10-09 19:01 -------- d-----w- c:\program files\iPod
2010-10-09 18:55 . 2010-10-09 18:55 -------- d-----w- c:\program files\Bonjour
2010-09-30 18:49 . 2010-09-30 18:49 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\RayV
2010-09-26 10:51 . 2010-10-14 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 10:51 . 2010-09-26 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-26 02:44 . 2010-09-26 02:44 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 08:30 . 2010-06-09 18:00 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-08-10 11:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-08-22 21:47 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-08-22 21:47 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-08-22 21:47 165584 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-08-22 21:47 23376 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-08-22 21:47 100176 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-08-22 21:47 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-08-22 21:47 17744 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-08-22 21:47 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-13 17:34 60416 -csha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\CEDRIC\Menu D'marrer\Programmes\D'marrage\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CEDRIC^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\CEDRIC\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-21 22:28 47904 ----a-w- c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 11:45 114688 -c--a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:34 15360 -c--a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 14:05 118640 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\CEDRIC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 10:43 884736 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-03-17 03:29 1040384 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 10:32 98304 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-22 21:24 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-22 21:19 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 14:05 762208 -c--a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\klute92\\counter-strike\\hl.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\klute92\\condition zero\\hl.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\kaly92\\counter-strike\\hl.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\gkc92\\condition zero\\hl.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\klute92\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"d:\\Mes jeux\\Steam\\steamapps\\gkc92\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"56441:TCP"= 56441:TCP:Pando Media Booster
"56441:UDP"= 56441:UDP:Pando Media Booster
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

R0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\drivers\mrdd.sys [10/08/2009 03:40 18984]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [09/02/2009 04:30 152616]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/08/2009 23:47 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/08/2009 23:47 17744]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [12/10/2010 21:25 843576]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [09/06/2010 20:00 24504]
S2 gupdate1ca236e5d6c11fe;Service Google Update (gupdate1ca236e5d6c11fe);c:\program files\Google\Update\GoogleUpdate.exe [22/08/2009 23:20 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2010-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 21:19]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:20]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:20]

2010-10-22 c:\windows\Tasks\User_Feed_Synchronization-{679E4B6F-57E2-4DF6-9C6B-96CA9CC45F5E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live France Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2567681&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&q=
FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TopDesk - d:\topdesk\topdesk.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.175.0\HotbarSA.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-RayV - c:\program files\RayV\RayV\RayV.exe
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-syncman - c:\windows\system32\wuaucldt.exe
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.175.0\Weather.exe
AddRemove-CurseClient - c:\program files\Curse\uninstall.exe
AddRemove-eMule - c:\program files\eMule\Uninstall.exe
AddRemove-Marvell Miniport Driver - c:\program files\Marvell\Miniport Driver\Uninst.exe
AddRemove-mv61xxDriver - c:\program files\Marvell\61xx\uninst-61xx.exe
AddRemove-Neffy - c:\program files\Neffy\uninst.exe
AddRemove-RayV - c:\program files\RayV\RayV\uninstall.exe
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-vShare - c:\program files\vShare\UNINSTALL.exe
AddRemove-Wow Cartographe - c:\program files\WowCartographe\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-TopDesk - d:\topdesk\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 21:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1801674531-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{691F6FF7-DA38-04D9-06E2-9362D8D14A62}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oacemhmebkaaachejginagnapgkojg"=hex:6a,61,6f,66,69,63,6b,62,6f,66,6b,69,61,66,
64,6c,61,69,63,6c,00,00
"namdcopocgahgjfbeomiiiajnhmk"=hex:69,61,65,68,69,64,6d,67,61,66,67,62,62,70,
61,68,61,6c,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2412)
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-22 21:07:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-22 19:07

Avant-CF: 54 259 572 736 octets libres
Après-CF: 55 562 964 992 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 21117CBCA96FFB523810708174A411E7

Thanks in advance
Anonymous user
Re

I'm ending my contribution here.

Since you're just doing as you please anyway.

@