Hi everyone, I have a little problem
max1423
-
Tigzy Posts 7983 Status Security contributor -
Hello,
I have a problem: I have two Trojan horse viruses and I don't really know what to do about them; I know nothing about computers ... I downloaded ComboFix, it did its job, and then it gave me the following .... --- ????
ComboFix 11-02-20.03 - Administrateur 21/02/2011 18:26:13.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1279.644 [GMT -5:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Application Data\ShoppingReport2
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\Config.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\db\Aliases.dbs
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\db\Sites.dbs
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\report\aggr_storage.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\report\send_storage.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport2\cs\res2\WhiteList.dbs
c:\documents and settings\All Users\Application Data\QuestBrwSearch
c:\documents and settings\All Users\Application Data\QuestBrwSearch\questbrowse119.exe
c:\documents and settings\All Users\Application Data\QuestBrwSearch\questbrowse127.exe
c:\program files\QuestBrwSearch
c:\program files\QuestBrwSearch\questbrwsearch.dll
c:\program files\QuestBrwSearch\questbrwsearch.exe
c:\program files\QuestBrwSearch\uninstall.exe
c:\program files\ShoppingReport2
c:\program files\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll
c:\program files\ShoppingReport2\Uninst.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Legacy_QuestBrowse_Service
-------\Legacy_QuestBrowse_Service
-------\Service_QuestBrowse Service
-------\Service_QuestBrowse Service
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-21 au 2011-02-21 ))))))))))))))))))))))))))))))))))))
.
2011-02-21 11:54 . 2011-02-21 11:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SecondLife
2011-02-21 11:53 . 2011-02-21 12:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\SecondLife
2011-02-21 11:51 . 2011-02-21 11:55 -------- d-----w- c:\program files\SecondLifeViewer2
2011-02-12 01:11 . 2011-02-12 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\82E
2011-02-05 00:42 . 2011-02-05 00:42 1409 ----a-w- c:\windows\QTFont.for
2011-02-01 17:26 . 2011-02-01 17:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\imeshbandmltbpi
2011-02-01 16:40 . 2011-02-06 19:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\mediabarim
2011-02-01 16:39 . 2011-02-12 01:51 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\iMesh
2011-02-01 16:39 . 2011-02-01 16:40 -------- d-----w- c:\program files\iMesh Applications
2011-02-01 16:39 . 2011-02-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2011-02-01 16:38 . 2011-02-01 16:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{22F613F4-83CD-4A76-A4FB-AE751A013BCA}
2011-02-01 16:37 . 2011-02-01 16:37 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PackageAware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2003-04-24 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-24 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2003-04-24 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2006-06-23 17:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2003-04-24 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2008-04-30 03:11 78336 ------w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2003-04-24 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2003-04-24 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-30 03:11 389120 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-04-24 12:00 743424 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2003-04-24 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2002-08-29 11:42 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2003-04-24 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-01-25 12:24 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-25 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-08 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-04-28 249856]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-02-22 72192]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\amcap.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.imesh.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b4b5ee72919d4b66b1c6692342ad134e
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b4b5ee72919d4b66b1c6692342ad134e
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-10 - (no file)
AddRemove-AVIConverter - c:\documents and settings\Administrateur\Bureau\mp3\AVIConverter\uninst.exe
AddRemove-QuestBrowse - c:\program files\QuestBrwSearch\uninstall.exe
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 18:36
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2011-02-21 18:42:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-21 23:42
Avant-CF: 20 017 270 784 octets libres
Après-CF: 20 307 927 040 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
- - End Of File - - 29BFB8B5EFF9EBAA0AF2C921D39A78D6
----------------------------------------------------------------------------
What is this? What does it mean?? I hope to get some answers?
Thanks to everyone who helps me, see you later
2 replies
Hi
You have adware.
Download to the desktop
AD-Remover
= Double-click AD-R to install it
= Double-click AD-Remover, the shortcut that has just been created on the desktop
= Choose "Nettoyer" (Clean)
= At the end of the scan, post the report