Pub à gogo !
Résolu
zapeuse
Messages postés
111
Date d'inscription
Statut
Membre
Dernière intervention
-
zapeuse Messages postés 111 Date d'inscription Statut Membre Dernière intervention -
zapeuse Messages postés 111 Date d'inscription Statut Membre Dernière intervention -
Bonsoir , mon pc est infesté de pub ;il suffit que je sois connecté a internet est c est l invasion!!!!! , de l aide s il vous plait merci !
ps: je suis sous vista
ps: je suis sous vista
A voir également:
- Pub à gogo !
- Supprimer pub youtube - Accueil - Streaming
- Stop pub gratuit - Télécharger - Divers Utilitaires
- Supprimer la pub - Guide
- Musique pub italienne lalala - Forum Musique / Radio / Clip
- Pub par sms - Guide
140 réponses
j ai dejas essayer mais rien ne se passe , dis moi si je désinstalle combo si c est oui redonne moi la marche a suivre pour le reinstaller . je sature là!!!!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
j espère que tu seras là demain pour que tu me dises quoi faire , encore merci ,pour tous le temps passer à m aider !
salut, j ai eté sur le lien que tu m as envoyé c est un site espagnol je crois mais je ne vois pas combo ! j ai trouver un autre lien sur une page de ccm est ce que je m en sert ? si oui apres l avoir télécharger je ferme toute les connections a internet ? J arrete avast ? ?
Voici ComboFix :
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Mets simplement le CFScript sur ComboFix.
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Mets simplement le CFScript sur ComboFix.
bon j ai eté dans met documents ,téléchargement, j ai trouvé combo et dés que j ai cliqué dessus il s est ouvert voilà ce qui est sorti ,ah oui aussi je ne trouve pas le script ouf ComboFix 08-09-30.03 - utilisateur 2008-10-01 23:46:57.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.334 [GMT 2:00]
Lancé depuis: C:\Users\utilisateur\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 21:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Azureus
2008-10-01 21:37 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Skype
2008-10-01 18:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\skypePM
2008-10-01 12:47 --------- d-----w C:\ProgramData\Google Updater
2008-10-01 09:24 230,432 ----a-w C:\PA207.DAT
2008-10-01 08:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\OpenOffice.org2
2008-09-29 20:36 --------- d-----w C:\Program Files\CCleaner
2008-09-29 14:18 --------- d-----w C:\ProgramData\NortonInstaller
2008-09-29 00:14 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Malwarebytes
2008-09-29 00:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-29 00:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 21:36 --------- d-----w C:\Program Files\Trend Micro
2008-09-28 16:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-28 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-25 16:32 --------- d-----w C:\Program Files\DivX
2008-09-12 17:03 --------- d--h--r C:\Program Files\rnamfler
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 20:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-08 20:14 --------- d-----w C:\Program Files\iTunes
2008-09-08 20:13 --------- d-----w C:\Program Files\iPod
2008-09-06 00:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:24 --------- d-----w C:\ProgramData\Xerox
2008-08-22 12:00 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-17 16:56 --------- d-----w C:\ProgramData\Nero
2008-08-17 16:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-17 15:18 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Nero
2008-08-17 13:00 --------- d-----w C:\Program Files\Java
2008-08-17 12:49 --------- d-----w C:\Program Files\Azureus
2008-08-16 17:49 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-09 13:37 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 20:09 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-29 20:09 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-09-29_23.52.00.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-09-29 20:58:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 21:55:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-29 20:58:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 21:55:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-29 21:01:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 21:56:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 21:56:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-29 21:01:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 21:55:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-09-29 20:58:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 21:55:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-29 20:58:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 21:55:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-29 20:58:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 21:55:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-29 21:46:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 21:46:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 21:46:45 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-28 15:11:47 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 19:09:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-28 15:11:47 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-01 19:09:33 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-28 15:11:47 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 19:09:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-28 15:11:47 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-01 19:09:33 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-29 21:01:33 12,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
+ 2008-10-01 08:39:00 12,292 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
- 2008-09-29 21:01:32 69,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:39:00 69,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-28 01:03:56 3,564 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-30 22:51:21 3,564 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-29 21:01:30 59,606 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:38:58 59,606 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-29 16:13:26 236,786 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-10-01 18:25:58 238,338 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-09-20 00:21:32 146,020,657 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-01 10:57:39 146,615,807 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856]
"Google Update"="C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"wrna3ls"="C:\Program Files\rnamfler\naomf.exe" [2006-04-01 1253960]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8EFF238-855E-408E-8954-075167481645}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4112A4DE-7CF5-4435-9AD0-15A56DCC8817}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{7398CA78-F503-45A0-B307-23C66EEB8CB9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{74699DE6-00F4-4CDD-B86E-6B61822135DB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D1E7196-9F7A-46F5-9BAF-0B45E279173E}"= Disabled:UDP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"{B2DA9F94-AE39-453B-B95F-E85AFA0D0CED}"= Disabled:TCP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{0E9F6395-64C8-4AF6-A014-08862ECBB74A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4A768C5A-CA04-465F-89BE-02B431EBC1FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{9413DF28-6407-43F0-80CF-039A2597277D}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{666A3E28-8176-42B8-909D-791700ABE632}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{E3AFEA56-75D3-4A94-B9FE-02875BD6437F}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{75B4919D-DEB3-48B8-9E8B-5E5F04FBDA1D}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{637764D0-5997-47AE-BACA-144D03A5805C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{565E3234-79F9-44CF-A3EA-97D8E88BC211}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB38F007-7A46-4BF8-8FB8-BA1BDF4AC6BE}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{37BDA417-7B89-4F87-9B89-8326B92A1D8E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{147B5A49-B0D0-48E6-9C95-59A9B9B14728}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3C89E7FC-64E5-4A94-B620-048110092575}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9A50D933-43D0-4113-B313-AC915463AEC3}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{72F4486D-C360-4F3F-BE8D-5E43564DA28E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{CA102E23-18F9-4392-8C48-6078D79E3112}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C287D1E2-518A-42AC-B0C2-8D0B99873B69}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{78CFD111-E4C2-4B3D-80A3-8A5675292E5C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{074DA8F9-355C-4DAD-938E-8EB04FF53E7C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CF642CC-5AA1-4EC8-9EF2-9EBFEB6D7871}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5AEB2237-271C-4CA9-8F6F-1509FD012716}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD0719FA-478B-46F8-98EB-98099525E53A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{2173BDF4-B2E1-4FA6-BA85-5297A8E26B1F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{99DEC475-7EE8-4967-A8DF-72A881A52A6C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{0087B3E8-5476-40B4-B285-66690AE75B17}"= UDP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{FF0BA473-4B32-4099-BA6B-E3AAA79D0DBB}"= TCP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\licnk7hr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.ircfast.com/index.php?rvs=hompag
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 23:56:58
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\rnamfler\radprcmp.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02 0:05:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-01 22:03:54
ComboFix2.txt 2008-09-29 21:53:16
Avant-CF: Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 2,747,359,232 octets libres
271 --- E O F --- 2008-09-30 10:01:29
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.334 [GMT 2:00]
Lancé depuis: C:\Users\utilisateur\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 21:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Azureus
2008-10-01 21:37 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Skype
2008-10-01 18:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\skypePM
2008-10-01 12:47 --------- d-----w C:\ProgramData\Google Updater
2008-10-01 09:24 230,432 ----a-w C:\PA207.DAT
2008-10-01 08:38 --------- d-----w C:\Users\utilisateur\AppData\Roaming\OpenOffice.org2
2008-09-29 20:36 --------- d-----w C:\Program Files\CCleaner
2008-09-29 14:18 --------- d-----w C:\ProgramData\NortonInstaller
2008-09-29 00:14 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Malwarebytes
2008-09-29 00:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-29 00:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 21:36 --------- d-----w C:\Program Files\Trend Micro
2008-09-28 16:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-28 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-25 16:32 --------- d-----w C:\Program Files\DivX
2008-09-12 17:03 --------- d--h--r C:\Program Files\rnamfler
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 20:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-08 20:14 --------- d-----w C:\Program Files\iTunes
2008-09-08 20:13 --------- d-----w C:\Program Files\iPod
2008-09-06 00:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:24 --------- d-----w C:\ProgramData\Xerox
2008-08-22 12:00 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-17 16:56 --------- d-----w C:\ProgramData\Nero
2008-08-17 16:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-17 15:18 --------- d-----w C:\Users\utilisateur\AppData\Roaming\Nero
2008-08-17 13:00 --------- d-----w C:\Program Files\Java
2008-08-17 12:49 --------- d-----w C:\Program Files\Azureus
2008-08-16 17:49 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-09 13:37 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 20:09 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-29 20:09 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-09-29_23.52.00.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-09-29 20:58:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 21:55:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-29 20:58:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 21:55:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-29 21:01:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 21:56:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 21:56:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-29 21:01:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 21:55:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-09-29 20:58:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 21:55:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-29 20:58:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 21:55:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-29 20:58:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 21:55:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-29 21:46:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 21:46:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 21:46:45 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-28 15:11:47 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 19:09:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-28 15:11:47 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-01 19:09:33 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-28 15:11:47 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 19:09:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-28 15:11:47 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-01 19:09:33 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-29 21:01:33 12,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
+ 2008-10-01 08:39:00 12,292 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
- 2008-09-29 21:01:32 69,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:39:00 69,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-28 01:03:56 3,564 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-30 22:51:21 3,564 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-29 21:01:30 59,606 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:38:58 59,606 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-29 16:13:26 236,786 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-10-01 18:25:58 238,338 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-09-20 00:21:32 146,020,657 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-01 10:57:39 146,615,807 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856]
"Google Update"="C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"wrna3ls"="C:\Program Files\rnamfler\naomf.exe" [2006-04-01 1253960]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8EFF238-855E-408E-8954-075167481645}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4112A4DE-7CF5-4435-9AD0-15A56DCC8817}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{7398CA78-F503-45A0-B307-23C66EEB8CB9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{74699DE6-00F4-4CDD-B86E-6B61822135DB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D1E7196-9F7A-46F5-9BAF-0B45E279173E}"= Disabled:UDP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"{B2DA9F94-AE39-453B-B95F-E85AFA0D0CED}"= Disabled:TCP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{0E9F6395-64C8-4AF6-A014-08862ECBB74A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4A768C5A-CA04-465F-89BE-02B431EBC1FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{9413DF28-6407-43F0-80CF-039A2597277D}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{666A3E28-8176-42B8-909D-791700ABE632}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{E3AFEA56-75D3-4A94-B9FE-02875BD6437F}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{75B4919D-DEB3-48B8-9E8B-5E5F04FBDA1D}C:\\users\\utilisateur\\downloads\\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{637764D0-5997-47AE-BACA-144D03A5805C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{565E3234-79F9-44CF-A3EA-97D8E88BC211}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB38F007-7A46-4BF8-8FB8-BA1BDF4AC6BE}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{37BDA417-7B89-4F87-9B89-8326B92A1D8E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{147B5A49-B0D0-48E6-9C95-59A9B9B14728}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3C89E7FC-64E5-4A94-B620-048110092575}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9A50D933-43D0-4113-B313-AC915463AEC3}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{72F4486D-C360-4F3F-BE8D-5E43564DA28E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{CA102E23-18F9-4392-8C48-6078D79E3112}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C287D1E2-518A-42AC-B0C2-8D0B99873B69}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{78CFD111-E4C2-4B3D-80A3-8A5675292E5C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{074DA8F9-355C-4DAD-938E-8EB04FF53E7C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CF642CC-5AA1-4EC8-9EF2-9EBFEB6D7871}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5AEB2237-271C-4CA9-8F6F-1509FD012716}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD0719FA-478B-46F8-98EB-98099525E53A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{2173BDF4-B2E1-4FA6-BA85-5297A8E26B1F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{99DEC475-7EE8-4967-A8DF-72A881A52A6C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{0087B3E8-5476-40B4-B285-66690AE75B17}"= UDP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{FF0BA473-4B32-4099-BA6B-E3AAA79D0DBB}"= TCP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\licnk7hr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.ircfast.com/index.php?rvs=hompag
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 23:56:58
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\rnamfler\radprcmp.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02 0:05:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-01 22:03:54
ComboFix2.txt 2008-09-29 21:53:16
Avant-CF: Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 2,747,359,232 octets libres
271 --- E O F --- 2008-09-30 10:01:29
Bonsoir si ça peut aider :
Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
A+
Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
A+
