VIRUS win32/patcher PLEASE HELP

Closed
SOMIO2 Posts 1 Registration date Friday 19 December 2008 Status Member Last seen 19 December 2008 - 19 Dec 2008 at 11:27
Kyttee Posts 8 Registration date Wednesday 25 May 2005 Status Member Last seen 5 November 2009 - 26 Feb 2009 at 20:25
Hello,

For more than a week my PC has been showing me a blue screen with the following message: KERNEL_STACK_INPAGE_ERROR with error 0x00000077
I ran a full scan with my McAfee antivirus, which detects a virus in C:\system32\dmserver.dll, virus W32/Patcher, but unfortunately it cannot remove it. Here is the detail of the analysis: scan after reboot, and it does not give me the option to delete it or to put it in quarantine.
But what is surprising is that if I go to Restore, I find it there and I can delete it, but after a new scan it is still there. And the blue screen problem still persists.
I downloaded Malwarebytes' and scanned my PC in safe mode; it found some viruses and removed them, but the W32/Patcher virus still exists and still causes me the same problem (BLUE SCREEN with the same message).
Please help me to get rid of this virus.
Here is the ComboFix log from 12/12/2008 + a 2nd log from 18/12/2008


1st log of 12/12/2008

ComboFix 08-12-09.03 - Alfatron 2008-12-12 15:46:21.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.221 [GMT 1:00]
Lancé depuis: c:\documents and settings\Alfatron\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alfatron\Favoris\Online Security Guide.lnk
c:\documents and settings\Alfatron\Local Settings\Temporary Internet Files\00126ac5.jpg
c:\documents and settings\Alfatron\Local Settings\Temporary Internet Files\artmod_jewel_expand.GIF
c:\documents and settings\Alfatron\Local Settings\Temporary Internet Files\EUP2B.tmp
c:\documents and settings\Alfatron\Local Settings\Temporary Internet Files\EUP5F.tmp
c:\documents and settings\Alfatron\Mes documents\SSEMBL~1
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\_000110_.tmp.dll
c:\winnt\system32\bgtubjjb.ini
c:\winnt\system32\dfhfmqns.ini
c:\winnt\system32\dyeimdrg.ini
c:\winnt\system32\emlskjki.ini
c:\winnt\system32\fnogamcm.ini
c:\winnt\system32\gvmafqri.ini
c:\winnt\system32\gxlykdnd.ini
c:\winnt\system32\ihyrtvxe.ini
c:\winnt\system32\jkdofadw.ini
c:\winnt\system32\kbnlwhdr.ini
c:\winnt\system32\kortdmlq.ini
c:\winnt\system32\mbvcmixf.ini
c:\winnt\system32\mewwbdfk.ini
c:\winnt\system32\mnutyvga.ini
c:\winnt\system32\mpktvqhf.ini
c:\winnt\system32\nsxtkilw.ini
c:\winnt\system32\qrlbmjie.ini
c:\winnt\system32\scnnngfr.ini
c:\winnt\system32\upvldvqp.ini
c:\winnt\system32\vhlocxnq.ini
c:\winnt\system32\vruuukva.ini
c:\winnt\system32\vxpeykrh.ini
c:\winnt\system32\vyyfsirk.ini
c:\winnt\system32\wycdd.bak1
c:\winnt\system32\wycdd.bak2
c:\winnt\system32\wycdd.ini
c:\winnt\system32\wycdd.ini2
c:\winnt\system32\wycdd.tmp
c:\winnt\system32\wycdd.tmp2
c:\winnt\system32\xiesvoxk.ini
c:\winnt\system32\xvrpkfop.ini
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Service_IAS


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
.

2031-10-02 21:51 . 2007-12-30 20:57 3,120 --a------ c:\winnt\MF_C421.lfa
2031-10-02 21:51 . 2007-12-30 20:57 3,120 --a------ c:\winnt\MF_C420.lfa
2008-12-12 16:09 . 2008-12-12 16:09 <REP> d--hs---- C:\FOUND.014
2008-12-12 01:58 . 2008-12-12 01:58 <REP> d--hs---- C:\FOUND.013
2008-12-11 20:10 . 2008-12-11 20:10 <REP> d-------- c:\documents and settings\Alfatron\Application Data\Malwarebytes
2008-12-11 20:10 . 2008-12-03 19:52 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-11 20:09 . 2008-12-11 20:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 20:09 . 2008-12-11 20:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 20:09 . 2008-12-03 19:52 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-11 18:27 . 2008-12-11 18:27 <REP> d--hs---- C:\FOUND.012
2008-12-11 16:10 . 2008-12-11 16:10 <REP> d--hs---- C:\FOUND.011
2008-12-10 18:40 . 2008-12-10 18:40 <REP> d--hs---- C:\FOUND.010
2008-12-10 12:18 . 2008-12-10 12:18 <REP> d--hs---- C:\FOUND.009
2008-12-10 00:08 . 2008-12-10 00:08 362,240 --a------ c:\winnt\system32\TuneUpDefragService.exe
2008-12-09 23:18 . 2008-12-09 23:19 <REP> d-------- c:\program files\TuneUp Utilities 2009
2008-12-09 19:27 . 2008-12-09 19:27 <REP> d--hs---- C:\FOUND.008
2008-12-08 23:49 . 2008-12-08 23:49 <REP> d--hs---- C:\FOUND.007
2008-12-08 22:44 . 2008-12-08 22:44 <REP> d--hs---- C:\FOUND.006
2008-12-07 22:27 . 2008-12-07 22:27 <REP> d--hs---- C:\FOUND.005
2008-12-07 21:58 . 2008-12-07 21:58 <REP> d--hs---- C:\FOUND.004
2008-12-07 19:42 . 2008-12-07 19:42 <REP> d--hs---- C:\FOUND.003
2008-12-06 22:27 . 2008-12-06 22:27 603,904 --a------ c:\winnt\system32\TUProgSt.exe
2008-12-06 22:21 . 2008-12-06 22:21 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-01 23:20 . 2008-12-01 23:20 <REP> d-------- c:\documents and settings\Alfatron\Application Data\AIMP
2008-12-01 23:19 . 2008-12-01 23:19 <REP> d-------- c:\program files\AIMP2
2008-11-25 20:05 . 2004-11-01 04:19 163,712 --a------ c:\winnt\system32\drivers\vinyl97.sys
2008-11-23 22:25 . 2008-11-23 22:25 <REP> d--hs---- C:\FOUND.002
2008-11-21 12:01 . 2008-11-21 12:01 <REP> d-------- c:\documents and settings\Alfatron\Application Data\Xi
2008-11-21 11:57 . 2008-11-21 11:57 <REP> d-------- c:\program files\Free Download Manager
2008-11-21 11:57 . 2008-11-21 11:57 <REP> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-21 11:55 . 2008-11-21 11:55 <REP> d-------- c:\program files\Xi
2008-11-12 19:14 . 2008-11-15 22:27 54,156 --ah----- c:\winnt\QTFont.qfn
2008-11-12 19:14 . 2008-11-12 19:14 1,409 --a------ c:\winnt\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:42 5,018 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-10-30 22:13 --------- d-----w c:\program files\YourWare Solutions
2008-10-27 21:45 --------- d-----w c:\documents and settings\Alfatron\Application Data\LimeWire
2008-10-25 21:56 --------- d-----w c:\program files\Fichiers communs\Skype
2008-10-16 13:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\winnt\system32\dllcache\netapi32.dll
2008-09-15 16:39 1,846,144 ----a-w c:\winnt\system32\win32k.sys
2008-09-15 16:39 1,846,144 ----a-w c:\winnt\system32\dllcache\win32k.sys
2008-09-14 22:52 4,184 --sha-w c:\winnt\system32\KGyGaAvL.sys
2008-06-10 22:44 168 --sh--r c:\documents and settings\All Users\Application Data\F0250A02E7.sys
2003-04-02 21:02 34,544 ----a-w c:\documents and settings\Alfatron\Application Data\GDIPFONTCACHEV1.DAT
2003-02-19 15:41 271 --sh--w c:\program files\desktop.ini
2003-02-19 15:41 22,115 ---h--w c:\program files\folder.htt
2003-06-19 11:58 4,263 --sh--w c:\winnt\windllreg1c.sys
2006-04-07 22:02 88 --sh--r c:\winnt\system32\C8543877AF.sys
2007-11-05 18:59 88 --sh--r c:\winnt\system32\238A9342FB.sys
.

------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\winnt\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\winnt\system32\dllcache\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 04:54 978432 9f3b76c8cf787449a47f05abab4e13e6 c:\winnt\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-19 16:53 98328 --a------ c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"L08FXLRD_29181890"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\program files\iWare\iWare Mouse\3.2\lwbwheel.exe" [2000-04-27 359424]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\winnt\system32\NVMCTRAY.DLL" [2006-10-22 86016]
"internat.exe"="internat.exe" [2002-08-02 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 218624]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Alfatron\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]
RocketDock.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
UberIcon.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
MediaKey.lnk - c:\program files\MediaKey\Versato.exe [2003-03-18 729088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Nero PhotoShow Media Manager"=c:\progra~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"ctfmon.exe"=c:\winnt\system32\ctfmon.exe
"L08FXLRD_3599953"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_4206500"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_1023531"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"L08FXLRD_9520296"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_16945250"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent
"L08FXLRD_2063984"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"Smapp"=c:\program files\Analog Devices\SoundMAX\Smtray.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HPDJ Taskbar Utility"=c:\winnt\system32\spool\drivers\w32x86\3\hpztsb08.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"TimeUp"=c:\program files\TimeUp\TimeUp.exe /T
"nwiz"=nwiz.exe /install
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"HotKeysCmds"=c:\winnt\System32\hkcmd.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"IgfxTray"=c:\winnt\System32\igfxtray.exe
"IMONTRAY"=c:\program files\Intel\Intel(R) Active Monitor\imontray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"Flashget"=c:\program files\FlashGet\FlashGet.exe /min
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"InCD"=c:\program files\Nero\Nero 9\InCD\InCD.exe
"NBHGui"=c:\program files\Nero\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINNT\\System32\\ZoneLabs\\vsmon.exe"=
"c:\\WINNT\\System32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINNT\\System32\\dpvsetup.exe"=
"c:\\WINNT\\System32\\mshta.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\mna\\McNASvc.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\winnt\system32\drivers\kbfilter.sys [2003-03-18 11889]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-02-24 20:51:03 13560]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 DLPortIO;DriverLINX Port I/O Driver;\??\c:\winnt\system32\DRIVERS\DLPortIO.SYS [2005-05-12 3584]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NeroRegInCDSrv;Nero Registry InCD Service;"c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe" [2008-09-19 108568]
R2 regi;regi;c:\winnt\system32\drivers\regi.sys [2007-04-17 11032]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\winnt\System32\TUProgSt.exe [2008-12-06 603904]
S2 0129901226584156mcinstcleanup;McAfee Application Installer Cleanup (0129901226584156);c:\winnt\TEMP\012990~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 Fiis40qtntm;Fiis40qtntm; []
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\winnt\system32\DRIVERS\K320bus.sys [2008-10-23 61504]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winnt\system32\drivers\mbamswissarmy.sys [2008-12-11 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2272730a-6d16-11dc-8ac6-00001cde8bd4}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04d35d8-e60d-11db-8971-ab4e1adce8b9}]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04d35d9-e60d-11db-8971-ab4e1adce8b9}]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AC6201-B203-10CC-1F32-A0BC12E2014D}]
c:\winnt\system32\mssyncr.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-01 c:\winnt\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-15 c:\winnt\Tasks\McDefragTask.job
- c:\winnt\system32\defrag.exe [2004-08-04 04:54]

2008-12-12 c:\winnt\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 11:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
Notify-nnnnlmk - nnnnlmk.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Tout télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com
FF -: plugin - c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\OpenXMLViewer@Codeplex.com\plugins\npDocX.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 16:11:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\winnt\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\winnt\System32\DRIVERS\CDANTSRV.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Nero\Nero 9\InCD\InCDSrv.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\progra~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\oodag.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Heure de fin: 2008-12-12 16:21:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-12 15:20:54

Avant-CF: 127 751 323 648 octets libres
Après-CF: 128,379,748,352 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professionnel" /fastdetect /noexecute=optin

353 --- E O F --- 2008-11-05 23:00:01



2nd log of 18/12/2008

ComboFix 08-12-17.01 - Alfatron 2008-12-18 20:04:53.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.214 [GMT 1:00]
Lancé depuis: c:\documents and settings\Alfatron\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\IE4 Error Log.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-18 au 2008-12-18 ))))))))))))))))))))))))))))))))))))
.

2031-10-02 21:51 . 2007-12-30 20:57 3,120 --a------ c:\winnt\MF_C421.lfa
2031-10-02 21:51 . 2007-12-30 20:57 3,120 --a------ c:\winnt\MF_C420.lfa
2008-12-16 19:52 . 2008-12-16 19:52 <REP> d--hs---- C:\FOUND.020
2008-12-15 20:26 . 2008-12-15 20:26 <REP> d--hs---- C:\FOUND.019
2008-12-15 14:53 . 2008-12-15 14:53 <REP> d--hs---- C:\FOUND.018
2008-12-14 22:30 . 2008-12-14 22:30 <REP> d--hs---- C:\FOUND.017
2008-12-14 21:59 . 2008-12-14 21:59 <REP> d--hs---- C:\FOUND.016
2008-12-12 17:15 . 2008-12-12 17:15 <REP> d--hs---- C:\FOUND.015
2008-12-12 16:09 . 2008-12-12 16:09 <REP> d--hs---- C:\FOUND.014
2008-12-12 01:58 . 2008-12-12 01:58 <REP> d--hs---- C:\FOUND.013
2008-12-11 20:10 . 2008-12-11 20:10 <REP> d-------- c:\documents and settings\Alfatron\Application Data\Malwarebytes
2008-12-11 20:10 . 2008-12-03 19:52 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-11 20:09 . 2008-12-11 20:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 20:09 . 2008-12-11 20:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 20:09 . 2008-12-03 19:52 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-11 18:27 . 2008-12-11 18:27 <REP> d--hs---- C:\FOUND.012
2008-12-11 16:10 . 2008-12-11 16:10 <REP> d--hs---- C:\FOUND.011
2008-12-10 18:40 . 2008-12-10 18:40 <REP> d--hs---- C:\FOUND.010
2008-12-10 12:18 . 2008-12-10 12:18 <REP> d--hs---- C:\FOUND.009
2008-12-10 00:08 . 2008-12-10 00:08 362,240 --a------ c:\winnt\system32\TuneUpDefragService.exe
2008-12-09 23:18 . 2008-12-09 23:19 <REP> d-------- c:\program files\TuneUp Utilities 2009
2008-12-09 19:27 . 2008-12-09 19:27 <REP> d--hs---- C:\FOUND.008
2008-12-08 23:49 . 2008-12-08 23:49 <REP> d--hs---- C:\FOUND.007
2008-12-08 22:44 . 2008-12-08 22:44 <REP> d--hs---- C:\FOUND.006
2008-12-07 22:27 . 2008-12-07 22:27 <REP> d--hs---- C:\FOUND.005
2008-12-07 21:58 . 2008-12-07 21:58 <REP> d--hs---- C:\FOUND.004
2008-12-07 19:42 . 2008-12-07 19:42 <REP> d--hs---- C:\FOUND.003
2008-12-06 22:27 . 2008-12-06 22:27 603,904 --a------ c:\winnt\system32\TUProgSt.exe
2008-12-06 22:21 . 2008-12-06 22:21 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-01 23:20 . 2008-12-01 23:20 <REP> d-------- c:\documents and settings\Alfatron\Application Data\AIMP
2008-12-01 23:19 . 2008-12-01 23:19 <REP> d-------- c:\program files\AIMP2
2008-11-25 20:05 . 2004-11-01 04:19 163,712 --a------ c:\winnt\system32\drivers\vinyl97.sys
2008-11-23 22:25 . 2008-11-23 22:25 <REP> d--hs---- C:\FOUND.002
2008-11-21 12:01 . 2008-11-21 12:01 <REP> d-------- c:\documents and settings\Alfatron\Application Data\Xi
2008-11-21 11:57 . 2008-11-21 11:57 <REP> d-------- c:\program files\Free Download Manager
2008-11-21 11:57 . 2008-11-21 11:57 <REP> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-21 11:55 . 2008-11-21 11:55 <REP> d-------- c:\program files\Xi

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:42 5,018 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-10-30 22:13 --------- d-----w c:\program files\YourWare Solutions
2008-10-27 21:45 --------- d-----w c:\documents and settings\Alfatron\Application Data\LimeWire
2008-10-25 21:56 --------- d-----w c:\program files\Fichiers communs\Skype
2008-10-16 13:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\winnt\system32\dllcache\netapi32.dll
2008-06-10 22:44 168 --sh--r c:\documents and settings\All Users\Application Data\F0250A02E7.sys
2003-04-02 21:02 34,544 ----a-w c:\documents and settings\Alfatron\Application Data\GDIPFONTCACHEV1.DAT
2003-02-19 15:41 271 --sh--w c:\program files\desktop.ini
2003-02-19 15:41 22,115 ---h--w c:\program files\folder.htt
2003-06-19 11:58 4,263 --sh--w c:\winnt\windllreg1c.sys
2006-04-07 22:02 88 --sh--r c:\winnt\system32\C8543877AF.sys
2008-09-14 22:52 4,184 --sha-w c:\winnt\system32\KGyGaAvL.sys
2007-11-05 18:59 88 --sh--r c:\winnt\system32\238A9342FB.sys
.

------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\winnt\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\winnt\system32\dllcache\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 04:54 978432 9f3b76c8cf787449a47f05abab4e13e6 c:\winnt\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-12_16.18.11.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-12 11:01:32 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-14 16:59:02 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
- 2008-12-12 11:01:32 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-14 16:59:02 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-11-14 23:34:00 1,949,480 ----a-w c:\winnt\system32\FNTCACHE.DAT
+ 2008-12-18 18:12:46 1,949,448 ----a-w c:\winnt\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-19 16:53 98328 --a------ c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"L08FXLRD_29181890"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\program files\iWare\iWare Mouse\3.2\lwbwheel.exe" [2000-04-27 359424]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\winnt\system32\NVMCTRAY.DLL" [2006-10-22 86016]
"internat.exe"="internat.exe" [2002-08-02 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 218624]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
"IETI"="c:\program files\Skype\Phone\IEPlugin\unins000.exe" [BU]

c:\documents and settings\Alfatron\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]
RocketDock.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
UberIcon.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\winnt\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
MediaKey.lnk - c:\program files\MediaKey\Versato.exe [2003-03-18 729088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnlmk]
nnnnlmk.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Nero PhotoShow Media Manager"=c:\progra~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"ctfmon.exe"=c:\winnt\system32\ctfmon.exe
"L08FXLRD_3599953"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_4206500"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_1023531"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_9520296"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"L08FXLRD_16945250"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent
"L08FXLRD_2063984"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"Smapp"=c:\program files\Analog Devices\SoundMAX\Smtray.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HPDJ Taskbar Utility"=c:\winnt\system32\spool\drivers\w32x86\3\hpztsb08.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"TimeUp"=c:\program files\TimeUp\TimeUp.exe /T
"nwiz"=nwiz.exe /install
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"HotKeysCmds"=c:\winnt\System32\hkcmd.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"IgfxTray"=c:\winnt\System32\igfxtray.exe
"IMONTRAY"=c:\program files\Intel\Intel(R) Active Monitor\imontray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"Flashget"=c:\program files\FlashGet\FlashGet.exe /min
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"InCD"=c:\program files\Nero\Nero 9\InCD\InCD.exe
"NBHGui"=c:\program files\Nero\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINNT\\System32\\ZoneLabs\\vsmon.exe"=
"c:\\WINNT\\System32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINNT\\System32\\dpvsetup.exe"=
"c:\\WINNT\\System32\\mshta.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\mna\\McNASvc.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\winnt\system32\drivers\kbfilter.sys [2003-03-18 11889]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-02-24 20:51:03 13560]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 DLPortIO;DriverLINX Port I/O Driver;\??\c:\winnt\system32\DRIVERS\DLPortIO.SYS [2005-05-12 3584]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NeroRegInCDSrv;Nero Registry InCD Service;"c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe" [2008-09-19 108568]
R2 regi;regi;c:\winnt\system32\drivers\regi.sys [2007-04-17 11032]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\winnt\System32\TUProgSt.exe [2008-12-06 603904]
S2 0129901226584156mcinstcleanup;McAfee Application Installer Cleanup (0129901226584156);c:\winnt\TEMP\012990~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 Fiis40qtntm;Fiis40qtntm; []
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\winnt\system32\DRIVERS\K320bus.sys [2008-10-23 61504]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2272730a-6d16-11dc-8ac6-00001cde8bd4}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04d35d8-e60d-11db-8971-ab4e1adce8b9}]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04d35d9-e60d-11db-8971-ab4e1adce8b9}]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AC6201-B203-10CC-1F32-A0BC12E2014D}]
c:\winnt\system32\mssyncr.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-01 c:\winnt\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-15 c:\winnt\Tasks\McDefragTask.job
- c:\winnt\system32\defrag.exe [2004-08-04 04:54]

2008-12-18 c:\winnt\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 11:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Tout télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\Alfatron\Application Data\Mozilla\Firefox\Profiles\k75863g7.default\extensions\OpenXMLViewer@Codeplex.com\plugins\npDocX.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 20:19:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1572)
c:\winnt\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\FICHIERS COMMUNS\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\winnt\SYSTEM32\DRIVERS\CDANTSRV.EXE
c:\program files\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\program files\NERO\NERO 9\INCD\INCDSRV.EXE
c:\program files\FICHIERS COMMUNS\INTERVIDEO\REGMGR\IVIREGMGR.EXE
c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MNA\MCNASVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MCPROXY\MCPROXY.EXE
c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\oodag.exe
c:\winnt\system32\PSIService.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Heure de fin: 2008-12-18 20:25:54 - La machine a redémarré [Alfatron]
ComboFix-quarantined-files.txt 2008-12-18 19:25:48
ComboFix2.txt 2008-12-12 15:21:08

Avant-CF: 128,429,031,424 octets libres
Après-CF: 128,420,380,672 octets libres

326 --- E O F --- 2008-11-05 23:00:01

2 replies

jsfouss Posts 14 Registration date Sunday 2 July 2006 Status Member Last contribution 17 February 2011 1
15 Jan. 2009 at 12:43
I don't get the blue screen, but I get the same message from McAfee: C:\system32\dmserver.dll virus W32/Patcher
0
Kyttee Posts 8 Registration date Wednesday 25 May 2005 Status Member Last contribution 5 November 2009 1
26 Feb. 2009 at 20:25
Did you manage to find a solution to the problem?
0