6 replies
Anonymous user
3 Feb 2012, 21:08
Download and save this to your desktop:
Pre_Scan
Warning: all non-vital Windows processes will be killed --> don't panic.
Once downloaded, launch it and let the scan run until the report appears on the desktop.
If the tool is blocked by the infection, use this version: Version .pif
or else this renamed version: Winlogon.exe
If the tool detects a proxy and you haven't installed one, click on "supprimer le proxy" (remove the proxy)
A multitude of black windows may flash by; let it work.
Post Pre_Scan_la_date_et_l'heure.txt, which will appear on the desktop at the end of the scan, after the reboot
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
Host the report on http://pjjoint.malekal.com and give the link you get
I downloaded all 3, and none of them will start at all. All 3 give me the same error message: "L'application C:\...\system32\WSOCK32.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation."
Anonymous user
3 Feb 2012, 21:59
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
__________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of that situation: dangerous!<<<<<<<<
=====================================================
▶ Above all, when saving, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive
Download it here: Combofix
Before using ComboFix:
If you use AVG, IT ABSOLUTELY MUST BE UNINSTALLED before using Combofix, because it can cause damage when interacting with the tool, possibly leading to a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64-bit) /!\
CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:
▶ Download Defogger (by jpshortstuff) to your Desktop
▶ Launch it
A window appears: click on "Disable"
▶ Reboot the computer if the tool asks you to
Note: once we have finished the disinfection, you can re-enable this software by relaunching Defogger and clicking on "Re-enable"
_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is in use, disable
>> the real-time protection of your antivirus and antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as..."
on the renamed Combofix
¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ Don't forget to re-enable your antivirus and antispyware guards before reconnecting to the internet.
▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 12-02-03.02 - Marouane 03/02/2012 22:19:52.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.603 [GMT 1:00]
Lancé depuis: c:\documents and settings\Marouane\Bureau\Marouane.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marouane\Application Data\10.tmp
c:\documents and settings\Marouane\Application Data\11.tmp
c:\documents and settings\Marouane\Application Data\12.tmp
c:\documents and settings\Marouane\Application Data\13.tmp
c:\documents and settings\Marouane\Application Data\131C.tmp
c:\documents and settings\Marouane\Application Data\131D.tmp
c:\documents and settings\Marouane\Application Data\14.tmp
c:\documents and settings\Marouane\Application Data\15.tmp
c:\documents and settings\Marouane\Application Data\16.tmp
c:\documents and settings\Marouane\Application Data\17.tmp
c:\documents and settings\Marouane\Application Data\18.tmp
c:\documents and settings\Marouane\Application Data\19.tmp
c:\documents and settings\Marouane\Application Data\1A.tmp
c:\documents and settings\Marouane\Application Data\1A1.tmp
c:\documents and settings\Marouane\Application Data\1A2.tmp
c:\documents and settings\Marouane\Application Data\1A3.tmp
c:\documents and settings\Marouane\Application Data\1A4.tmp
c:\documents and settings\Marouane\Application Data\1A5.tmp
c:\documents and settings\Marouane\Application Data\1A6.tmp
c:\documents and settings\Marouane\Application Data\1A7.tmp
c:\documents and settings\Marouane\Application Data\1A8.tmp
c:\documents and settings\Marouane\Application Data\1A9.tmp
c:\documents and settings\Marouane\Application Data\1AA.tmp
c:\documents and settings\Marouane\Application Data\1AB.tmp
c:\documents and settings\Marouane\Application Data\1AC.tmp
c:\documents and settings\Marouane\Application Data\1AD.tmp
c:\documents and settings\Marouane\Application Data\1AE.tmp
c:\documents and settings\Marouane\Application Data\1AF.tmp
c:\documents and settings\Marouane\Application Data\1B.tmp
c:\documents and settings\Marouane\Application Data\1B0.tmp
c:\documents and settings\Marouane\Application Data\1B1.tmp
c:\documents and settings\Marouane\Application Data\1B2.tmp
c:\documents and settings\Marouane\Application Data\1C.tmp
c:\documents and settings\Marouane\Application Data\1D.tmp
c:\documents and settings\Marouane\Application Data\1E.tmp
c:\documents and settings\Marouane\Application Data\1F.tmp
c:\documents and settings\Marouane\Application Data\1F2.tmp
c:\documents and settings\Marouane\Application Data\1F3.tmp
c:\documents and settings\Marouane\Application Data\2.tmp
c:\documents and settings\Marouane\Application Data\20.tmp
c:\documents and settings\Marouane\Application Data\21.tmp
c:\documents and settings\Marouane\Application Data\22.tmp
c:\documents and settings\Marouane\Application Data\23.tmp
c:\documents and settings\Marouane\Application Data\24.tmp
c:\documents and settings\Marouane\Application Data\25.tmp
c:\documents and settings\Marouane\Application Data\26.tmp
c:\documents and settings\Marouane\Application Data\27.tmp
c:\documents and settings\Marouane\Application Data\28.tmp
c:\documents and settings\Marouane\Application Data\29.tmp
c:\documents and settings\Marouane\Application Data\2A.tmp
c:\documents and settings\Marouane\Application Data\2B.tmp
c:\documents and settings\Marouane\Application Data\2C.tmp
c:\documents and settings\Marouane\Application Data\3.tmp
c:\documents and settings\Marouane\Application Data\37.tmp
c:\documents and settings\Marouane\Application Data\3E.tmp
c:\documents and settings\Marouane\Application Data\3F.tmp
c:\documents and settings\Marouane\Application Data\4.tmp
c:\documents and settings\Marouane\Application Data\40.tmp
c:\documents and settings\Marouane\Application Data\41.tmp
c:\documents and settings\Marouane\Application Data\45.tmp
c:\documents and settings\Marouane\Application Data\46.tmp
c:\documents and settings\Marouane\Application Data\4D5.tmp
c:\documents and settings\Marouane\Application Data\5.tmp
c:\documents and settings\Marouane\Application Data\5A6.tmp
c:\documents and settings\Marouane\Application Data\5F.tmp
c:\documents and settings\Marouane\Application Data\6.tmp
c:\documents and settings\Marouane\Application Data\6B.tmp
c:\documents and settings\Marouane\Application Data\7.tmp
c:\documents and settings\Marouane\Application Data\8.tmp
c:\documents and settings\Marouane\Application Data\9.tmp
c:\documents and settings\Marouane\Application Data\98.tmp
c:\documents and settings\Marouane\Application Data\99.tmp
c:\documents and settings\Marouane\Application Data\9D.tmp
c:\documents and settings\Marouane\Application Data\9E.tmp
c:\documents and settings\Marouane\Application Data\9F.tmp
c:\documents and settings\Marouane\Application Data\A.tmp
c:\documents and settings\Marouane\Application Data\A0.tmp
c:\documents and settings\Marouane\Application Data\AA1.tmp
c:\documents and settings\Marouane\Application Data\AA2.tmp
c:\documents and settings\Marouane\Application Data\AA3.tmp
c:\documents and settings\Marouane\Application Data\ABA.tmp
c:\documents and settings\Marouane\Application Data\ABB.tmp
c:\documents and settings\Marouane\Application Data\ABC.tmp
c:\documents and settings\Marouane\Application Data\ABD.tmp
c:\documents and settings\Marouane\Application Data\ABE.tmp
c:\documents and settings\Marouane\Application Data\ABF.tmp
c:\documents and settings\Marouane\Application Data\B.tmp
c:\documents and settings\Marouane\Application Data\C.tmp
c:\documents and settings\Marouane\Application Data\C0.tmp
c:\documents and settings\Marouane\Application Data\C1.tmp
c:\documents and settings\Marouane\Application Data\C2.tmp
c:\documents and settings\Marouane\Application Data\C24.tmp
c:\documents and settings\Marouane\Application Data\C6.tmp
c:\documents and settings\Marouane\Application Data\C7.tmp
c:\documents and settings\Marouane\Application Data\C8.tmp
c:\documents and settings\Marouane\Application Data\CC.tmp
c:\documents and settings\Marouane\Application Data\CD.tmp
c:\documents and settings\Marouane\Application Data\CE.tmp
c:\documents and settings\Marouane\Application Data\D.tmp
c:\documents and settings\Marouane\Application Data\E.tmp
c:\documents and settings\Marouane\Application Data\F.tmp
c:\windows\aadrive32.exe
c:\windows\system32\63.exe
c:\windows\system32\Drivers\afd.sys
c:\windows\system32\odbcad32.exe
.
c:\windows\system32\drivers\afd.sys était absent
Copie restaurée à partir de - c:\system volume information\_restore{82095821-F3E5-4396-AC7B-C0E485DB4324}\RP34\A0045202.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSDRV32
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-01-03 au 2012-02-03 ))))))))))))))))))))))))))))))))))))
.
.
2012-02-01 19:15 . 2012-02-01 19:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2012-02-01 18:48 . 2012-02-01 18:48 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2012-01-22 19:22 . 2012-01-22 19:22 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-22 19:22 . 2012-01-22 19:22 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-22 19:22 . 2012-01-22 19:22 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-22 19:22 . 2012-01-22 19:22 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 21:19 . 2011-12-02 21:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 19:22 . 2011-03-29 18:49 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2005-06-28 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2005-06-15 . CC5B99AF6247175A151B0CC4E71C7F58 . 1036288 . . [6.00.2900.2527] . . c:\windows\explorer.exe
.
[-] 2004-11-28 14:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
.
[-] 2005-06-15 . BEBB29FBD9C14448A7BC12204A362D9E . 2321152 . . [5.1.2600.2622] . . c:\windows\system32\ntoskrnl.exe
[7] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="lclock.exe" [2004-12-08 65536]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-06 1067520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
"Facebook Update"="c:\documents and settings\Marouane\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-11-12 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 88358]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
.
c:\documents and settings\Marouane\Menu Démarrer\Programmes\Démarrage\
0.14049375746650805.exe.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Marouane\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"3612:TCP"= 3612:TCP:qmdytrvh
"3390:TCP"= 3390:TCP:bqmdy
"6269:TCP"= 6269:TCP:vhthhi
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/06/2011 15:46 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/06/2011 15:46 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/06/2011 15:46 19544]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2011 22:48 136176]
S2 mwrkmzbnc;Boot Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17:10 14336]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2011 22:48 136176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [10/03/2011 13:42 311744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/06/2011 04:03 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/09/2011 22:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/09/2011 22:27 8576]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mwrkmzbnc
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1060284298-682003330-1003Core1cca15b87409cda.job
- c:\documents and settings\Marouane\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:52]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce184d3e15296.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 21:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marouane\Application Data\Mozilla\Firefox\Profiles\64949tqv.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Wogagw - c:\documents and settings\Marouane\Application Data\Wogagw.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 22:43
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\documents and settings\Marouane\Application Data\Wogagw.exe 126976 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mwrkmzbnc]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\LC.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\TCtrlIOHook.exe
c:\windows\AGRSMMSG.exe
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
c:\windows\lclock.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Heure de fin: 2012-02-03 22:51:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-02-03 21:50
.
Avant-CF: 287 647 383 552 octets libres
Après-CF: 287 549 964 288 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 8C5F08000197A9132899674B051E9186
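Added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads the kinds of lines found in the log above and flags the entries a helper would examine first. Its sample input is a constructed excerpt made of lines copied from the log. Two things are assumptions rather than facts the page states: that every name under the "Svchost - NetSvcs" heading is a non-default entry (the log's own note says legitimate initial items are not listed), and that a firewall rule or service name with almost no vowels is machine-generated (a crude heuristic, so it is only used alongside structural checks such as a port rule lacking the usual scope and state fields, or a Startup shortcut that launches rundll32.exe).

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted above, assembled
# here as sample input so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"3612:TCP"= 3612:TCP:qmdytrvh
"3390:TCP"= 3390:TCP:bqmdy
"6269:TCP"= 6269:TCP:vhthhi
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/06/2011 15:46 441176]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2011 22:48 136176]
S2 mwrkmzbnc;Boot Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17:10 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mwrkmzbnc
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mwrkmzbnc]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
0.14049375746650805.exe.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[-] 2005-06-28 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
"""

# Line shapes as they appear in the log (port rule, service line, Startup shortcut,
# service registry key, ServiceDll value, Sigcheck entry marked [-] = unsigned).
PORT_RULE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.+)$')
SERVICE_LINE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[')
LNK_LINE = re.compile(r'^(.+\.lnk) - (.+?) \[')
SERVICE_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(.+)"$')
UNSIGNED = re.compile(r'^\[-\] .* \. \. (\S.*)$')
NETSVCS_HEADER = 'CurrentVersion\\Svchost - NetSvcs'


def vowel_ratio(word):
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in 'aeiou' for c in letters) / len(letters) if letters else 0.0


def looks_random(name):
    """Assumed heuristic: a plain run of letters with almost no vowels."""
    return len(name) >= 5 and name.isalpha() and vowel_ratio(name) < 0.2


def collect_services(lines):
    """Pass 1: names under 'Svchost - NetSvcs' and the ServiceDll of each listed service key."""
    netsvcs, service_dll = set(), {}
    in_netsvcs, current = False, None
    for line in lines:
        if NETSVCS_HEADER in line:
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line in ('', '.'):
                in_netsvcs = False       # a '.' line ends the section
            else:
                netsvcs.add(line.lower())
            continue
        m = SERVICE_KEY.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = SERVICE_DLL.match(line)
        if m and current:
            service_dll[current] = m.group(1)
    return netsvcs, service_dll


def triage(log_text):
    """Pass 2: return (category, detail) findings for the entries worth a closer look."""
    lines = [l.strip() for l in log_text.splitlines()]
    netsvcs, service_dll = collect_services(lines)
    findings = []
    for line in lines:
        if line.startswith('"EnableFirewall"=') and line.endswith('0 (0x0)'):
            findings.append(('firewall', 'Windows Firewall is disabled (EnableFirewall=0)'))
            continue
        m = PORT_RULE.match(line)
        if m:
            # Legitimate rules have 5 fields: port:proto:scope:Enabled|Disabled:description.
            fields = m.group(3).split(':')
            name = fields[-1]
            if len(fields) < 5 or looks_random(name):
                findings.append(('firewall', f'open-port exception {m.group(1)}/{m.group(2)} '
                                 f'named "{name}" lacks scope/state fields or looks machine-generated'))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            name, image = m.group(1), m.group(2)
            if 'svchost.exe -k netsvcs' in image.lower() and name.lower() in netsvcs:
                dll = service_dll.get(name.lower(), 'unknown')
                findings.append(('service', f'non-default netsvcs service "{name}" loads {dll}'))
            continue
        m = LNK_LINE.match(line)
        if m:
            lnk, target = m.groups()
            if target.lower().endswith('\\rundll32.exe'):
                findings.append(('startup', f'Startup shortcut "{lnk}" launches {target}'))
            continue
        m = UNSIGNED.match(line)
        if m:
            findings.append(('sigcheck', f'unsigned system file to verify against a known-good copy: {m.group(1)}'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'[{category}] {detail}')
```

On the excerpt above this reports seven findings: the disabled firewall, the three port exceptions with three-field values and vowel-less names, the netsvcs service mwrkmzbnc and its ServiceDll cfgnm.dll, the numeric-named Startup shortcut that launches rundll32.exe, and the unsigned tcpip.sys. The ooVoo rules, the avast and Google services, the HP shortcut and the [7] Sigcheck entry are left alone.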
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 88358]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
.
c:\documents and settings\Marouane\Menu Démarrer\Programmes\Démarrage\
0.14049375746650805.exe.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Marouane\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"3612:TCP"= 3612:TCP:qmdytrvh
"3390:TCP"= 3390:TCP:bqmdy
"6269:TCP"= 6269:TCP:vhthhi
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/06/2011 15:46 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/06/2011 15:46 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/06/2011 15:46 19544]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2011 22:48 136176]
S2 mwrkmzbnc;Boot Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17:10 14336]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2011 22:48 136176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [10/03/2011 13:42 311744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/06/2011 04:03 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/09/2011 22:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/09/2011 22:27 8576]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mwrkmzbnc
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1060284298-682003330-1003Core1cca15b87409cda.job
- c:\documents and settings\Marouane\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:52]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce184d3e15296.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 21:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marouane\Application Data\Mozilla\Firefox\Profiles\64949tqv.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Wogagw - c:\documents and settings\Marouane\Application Data\Wogagw.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 22:43
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\documents and settings\Marouane\Application Data\Wogagw.exe 126976 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mwrkmzbnc]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\LC.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\TCtrlIOHook.exe
c:\windows\AGRSMMSG.exe
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
c:\windows\lclock.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Heure de fin: 2012-02-03 22:51:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-02-03 21:50
.
Avant-CF: 287 647 383 552 octets libres
Après-CF: 287 549 964 288 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 8C5F08000197A9132899674B051E9186
Anonymous user
4 Feb. 2012 at 01:24
Your version of Windows is not official; I strongly encourage you to get a legal licence.
For info:
https://www.commentcamarche.net/faq/2981-j-utilise-une-version-piratee-de-windows
Yes, I know, a friend of mine installed this version on my PC because when I bought my PC no Windows CD came with it, so when it crashed back then that was the only CD he had! I do intend to reinstall the official Windows because I've had nothing but trouble with this version, but in the meantime what can I do to fix my problem? On top of that, since ComboFix finished, even the internet no longer works; I'm on another PC...
3 Feb. 2012 at 21:05