eclypse

  1. Hello. So, after doing my Windows updates following a format and a complete reinstallation, it launches the narateur.exe process every time my session starts. What should I do, apart from deleting the offending file? Regards
  2. Hi pear and chessbrain, avptool is available here but not at your link, pear. Have a nice day
  3. Hello. I'm looking for DVD 3 for an ACER 5738ZG; I can't find mine anymore. Is there any way other than wasting 60 euros ... Also, is there a method to reformat the partition table as it originally was, because right now I no longer see pqservice. Regards
  4. Re

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 09:10:46, on 03/06/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\explorer.exe
     C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     \Srv-1\cyberstade\Install PC\executable\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
     O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242961011733
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242960972179
     O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstade.lan
     O17 - HKLM\Software\..\Telephony: DomainName = cyberstade.lan
     O17 - HKLM\System\CCS\Services\Tcpip\..\{ADD55CEC-C550-45E6-B74E-A2EFCC644CF7}: NameServer = 192.168.0.100
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstade.lan
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cyberstade.lan
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cyberstade.lan
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

     -- End of file - 5881 bytes

     However, ComboFix crashed partway through .... manual reboot of the PC

     Regards
  5. ComboFix 09-05-30.03 - administrateur 03/06/2009 5:26.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1532 [GMT 2:00] Lancé depuis: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe Commutateurs utilisés :: \\Srv-1\cyberstade\Install PC\CFscript2.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\mgjkp.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IEVEFCN -------\Legacy_NWDDQSGJ -------\Legacy_OHLZZD -------\Legacy_YNPGFZVWH -------\Service_ievefcn -------\Service_nwddqsgj -------\Service_ohlzzd -------\Service_ynpgfzvwh ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-03 au 2009-06-03 )))))))))))))))))))))))))))))))))))) . 2009-06-02 12:29 . 2009-06-02 12:29 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\AbiSuite 2009-06-02 12:28 . 2009-06-02 12:29 -------- d-----w c:\program files\AbiSuite2 2009-05-30 20:06 . 2008-12-17 05:55 195096 ----a-w c:\windows\system32\lvci11901262.dll 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\program files\ma-config.com 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-05-30 19:55 . 2009-05-30 20:11 194648 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-30 19:47 . 2009-05-30 19:47 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-30 18:04 . 2009-05-30 18:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Rockstar Games 2009-05-30 18:00 . 2008-05-30 12:19 507400 ----a-w c:\windows\system32\XAudio2_1.dll 2009-05-30 18:00 . 
2008-05-30 12:17 65032 ----a-w c:\windows\system32\XAPOFX1_0.dll 2009-05-30 18:00 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 25608 ----a-w c:\windows\system32\X3DAudio1_4.dll 2009-05-30 18:00 . 2008-05-30 12:11 467984 ----a-w c:\windows\system32\d3dx10_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 3850760 ----a-w c:\windows\system32\D3DX9_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 1491992 ----a-w c:\windows\system32\D3DCompiler_38.dll 2009-05-30 17:59 . 2009-05-30 17:59 -------- d-----w c:\windows\Logs 2009-05-30 17:57 . 2009-05-30 17:59 -------- d-----w C:\29a1abc75369e977bf14 2009-05-30 17:57 . 2009-05-30 17:57 -------- d-----w c:\windows\system32\xlive 2009-05-30 17:57 . 2009-05-30 18:17 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-05-30 17:30 . 2009-05-30 17:30 -------- d-----w c:\program files\Rockstar Games 2009-05-23 05:58 . 2009-05-23 05:58 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IECompatCache 2009-05-22 17:45 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-05-22 15:23 . 2009-05-22 15:23 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Search 2009-05-22 09:35 . 2009-05-22 09:35 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\PrivacIE 2009-05-22 08:58 . 2009-05-22 08:58 -------- d-----r c:\documents and settings\LocalService\Favoris 2009-05-22 05:28 . 2008-06-14 17:33 272768 -c----w c:\windows\system32\dllcache\bthport.sys 2009-05-22 05:28 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-05-22 05:28 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 05:28 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-05-22 05:28 . 2008-10-15 16:35 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-05-22 05:12 . 
2009-05-22 05:12 -------- d-----w c:\windows\l2schemas 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\fr 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\bits 2009-05-22 05:10 . 2009-05-22 05:12 -------- d-----w c:\windows\ServicePackFiles 2009-05-22 05:03 . 2009-05-22 05:03 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-22 05:02 . 2009-05-22 05:02 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IETldCache 2009-05-22 04:04 . 2009-05-22 04:05 -------- d-----w C:\16419f3366b669dd913e6a2c08a705 2009-05-22 03:55 . 2009-05-22 03:55 -------- d-----w c:\windows\ie8updates 2009-05-22 03:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-22 03:54 . 2009-05-22 03:55 -------- dc-h--w c:\windows\ie8 2009-05-22 03:47 . 2009-05-22 03:48 -------- d-----w C:\256db5ca899894069a119cd228fb 2009-05-22 03:41 . 2009-06-02 14:44 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Tracing 2009-05-22 03:38 . 2009-05-22 03:38 -------- d-----w c:\program files\Windows Live SkyDrive 2009-05-22 03:37 . 2009-05-22 03:37 -------- d-----w c:\program files\Fichiers communs\Windows Live 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft Silverlight 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft 2009-05-22 03:35 . 2009-05-22 04:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-22 03:35 . 2009-05-22 03:35 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\windows\system32\GroupPolicy 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-22 03:32 . 
2009-05-22 03:34 -------- d-----w C:\ad6055a07064651d0d439eadb8bc 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w C:\25b94b873eb42f49d1e534d39de5 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w c:\windows\system32\drivers\UMDF 2009-05-22 03:30 . 2009-05-22 03:31 -------- d-----w C:\4b5f7b9cb3ff552b648fc199 2009-05-22 03:02 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-05-22 03:01 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-05-22 00:31 . 2009-05-22 00:31 -------- d-----w c:\windows\ERUNT 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 
2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-02 16:52 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-06-02 12:48 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-06-02 09:28 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-01 17:46 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-30 20:07 . 2008-06-20 13:13 -------- d-----w c:\program files\Fichiers communs\LogiShrd 2009-05-30 20:06 . 2008-06-20 13:13 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-05-30 20:06 . 2008-10-28 03:35 -------- d-----w c:\program files\Logitech 2009-05-30 18:01 . 2008-11-12 09:49 107888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-05-30 17:30 . 2008-06-20 12:04 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-28 21:45 . 2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-22 18:57 . 2007-10-29 12:00 80956 ----a-w c:\windows\system32\perfc00C.dat 2009-05-22 18:57 . 
2007-10-29 12:00 503690 ----a-w c:\windows\system32\perfh00C.dat 2009-05-22 08:46 . 2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-22 05:13 . 2008-06-20 11:47 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-22 03:57 . 2008-06-20 12:55 -------- d-----w c:\program files\Microsoft Works 2009-05-22 03:55 . 2008-09-27 18:00 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-05-22 03:38 . 2008-06-20 14:28 -------- d-----w c:\program files\Windows Live 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-23 15:45 . 2009-04-23 15:44 -------- d-----w c:\program files\QuickTime 2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll 2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 
2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-30 06:50 . 2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-09 03:19 . 2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 02:34 . 
2007-10-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2007-10-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2007-10-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2007-10-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2007-10-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2007-10-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2007-10-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2007-10-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2007-10-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2007-10-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:20 . 2007-10-29 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((( SnapShot@2009-05-30_21.42.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 03:32 . 2009-06-03 03:32 16384 c:\windows\temp\Perflib_Perfdata_738.dat + 2009-06-03 03:32 . 2008-12-16 19:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll - 2009-05-30 21:41 . 2008-12-16 19:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 08:30 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [23/06/2008 17:24 1121536] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-06-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 19:25] 2009-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . . ------- Examen supplémentaire ------- . 
TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 05:37 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(840) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(8084) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\wpdshext.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\searchindexer.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe . 
************************************************************************** . Heure de fin: 2009-06-03 5:44 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-03 03:44 ComboFix2.txt 2009-05-30 22:11 ComboFix3.txt 2009-05-30 21:50 Avant-CF: 127 405 252 608 octets libres Après-CF: 127 233 998 848 octets libres 349 --- E O F --- 2009-05-22 18:50
  6. Hi,
     ComboFix 09-05-30.03 - administrateur 30/05/2009 23:24.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1616 [GMT 2:00] Lancé depuis: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\administrateur.CYBERSTADE\Bureau\CFscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif" "c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe" "c:\windows\system32\01407.tmp" "c:\windows\system32\034D.tmp" "c:\windows\system32\03CB.tmp" "c:\windows\system32\0640.tmp" "c:\windows\system32\mgjkp.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Ê¢´óÍøÂç C:\RESTORE c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-30 )))))))))))))))))))))))))))))))))))) . 2009-05-30 20:06 . 2008-12-17 05:55 195096 ----a-w c:\windows\system32\lvci11901262.dll 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\program files\ma-config.com 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-05-30 19:55 . 2009-05-30 20:11 194648 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-30 19:47 . 2009-05-30 19:47 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-30 18:04 . 
2009-05-30 18:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Rockstar Games 2009-05-30 18:00 . 2008-05-30 12:19 507400 ----a-w c:\windows\system32\XAudio2_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 65032 ----a-w c:\windows\system32\XAPOFX1_0.dll 2009-05-30 18:00 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 25608 ----a-w c:\windows\system32\X3DAudio1_4.dll 2009-05-30 18:00 . 2008-05-30 12:11 467984 ----a-w c:\windows\system32\d3dx10_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 3850760 ----a-w c:\windows\system32\D3DX9_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 1491992 ----a-w c:\windows\system32\D3DCompiler_38.dll 2009-05-30 17:59 . 2009-05-30 17:59 -------- d-----w c:\windows\Logs 2009-05-30 17:57 . 2009-05-30 17:59 -------- d-----w C:\29a1abc75369e977bf14 2009-05-30 17:57 . 2009-05-30 17:57 -------- d-----w c:\windows\system32\xlive 2009-05-30 17:57 . 2009-05-30 18:17 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-05-30 17:30 . 2009-05-30 17:30 -------- d-----w c:\program files\Rockstar Games 2009-05-23 05:58 . 2009-05-23 05:58 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IECompatCache 2009-05-22 17:45 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-05-22 15:23 . 2009-05-22 15:23 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Search 2009-05-22 09:35 . 2009-05-22 09:35 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\PrivacIE 2009-05-22 08:58 . 2009-05-22 08:58 -------- d-----r c:\documents and settings\LocalService\Favoris 2009-05-22 05:28 . 2008-06-14 17:33 272768 -c----w c:\windows\system32\dllcache\bthport.sys 2009-05-22 05:28 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-05-22 05:28 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 05:28 . 
2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-05-22 05:28 . 2008-10-15 16:35 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\l2schemas 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\fr 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\bits 2009-05-22 05:10 . 2009-05-22 05:12 -------- d-----w c:\windows\ServicePackFiles 2009-05-22 05:03 . 2009-05-22 05:03 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-22 05:02 . 2009-05-22 05:02 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IETldCache 2009-05-22 04:04 . 2009-05-22 04:05 -------- d-----w C:\16419f3366b669dd913e6a2c08a705 2009-05-22 03:55 . 2009-05-22 03:55 -------- d-----w c:\windows\ie8updates 2009-05-22 03:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-22 03:54 . 2009-05-22 03:55 -------- dc-h--w c:\windows\ie8 2009-05-22 03:47 . 2009-05-22 03:48 -------- d-----w C:\256db5ca899894069a119cd228fb 2009-05-22 03:41 . 2009-05-30 20:31 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Tracing 2009-05-22 03:38 . 2009-05-22 03:38 -------- d-----w c:\program files\Windows Live SkyDrive 2009-05-22 03:37 . 2009-05-22 03:37 -------- d-----w c:\program files\Fichiers communs\Windows Live 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft Silverlight 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft 2009-05-22 03:35 . 2009-05-22 04:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-22 03:35 . 2009-05-22 03:35 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Desktop Search 2009-05-22 03:34 . 
2009-05-22 03:34 -------- d-----w c:\windows\system32\GroupPolicy 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-22 03:32 . 2009-05-22 03:34 -------- d-----w C:\ad6055a07064651d0d439eadb8bc 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w C:\25b94b873eb42f49d1e534d39de5 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w c:\windows\system32\drivers\UMDF 2009-05-22 03:30 . 2009-05-22 03:31 -------- d-----w C:\4b5f7b9cb3ff552b648fc199 2009-05-22 03:02 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-05-22 03:01 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-05-22 00:31 . 2009-05-22 00:31 -------- d-----w c:\windows\ERUNT 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 
2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-30 20:07 . 2008-06-20 13:13 -------- d-----w c:\program files\Fichiers communs\LogiShrd 2009-05-30 20:06 . 2008-06-20 13:13 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-05-30 20:06 . 2008-10-28 03:35 -------- d-----w c:\program files\Logitech 2009-05-30 18:01 . 2008-11-12 09:49 107888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-05-30 17:30 . 2008-06-20 12:04 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-30 10:08 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-05-30 01:02 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-05-29 23:02 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-28 21:45 . 
2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-27 22:09 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-22 18:57 . 2007-10-29 12:00 80956 ----a-w c:\windows\system32\perfc00C.dat 2009-05-22 18:57 . 2007-10-29 12:00 503690 ----a-w c:\windows\system32\perfh00C.dat 2009-05-22 08:46 . 2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-22 05:13 . 2008-06-20 11:47 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-22 03:57 . 2008-06-20 12:55 -------- d-----w c:\program files\Microsoft Works 2009-05-22 03:55 . 2008-09-27 18:00 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-05-22 03:38 . 2008-06-20 14:28 -------- d-----w c:\program files\Windows Live 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-23 15:45 . 
2009-04-23 15:44 -------- d-----w c:\program files\QuickTime 2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll 2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-30 06:50 . 
2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-09 03:19 . 2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 02:34 . 2007-10-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2007-10-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2007-10-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2007-10-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2007-10-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2007-10-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2007-10-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2007-10-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2007-10-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2007-10-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:20 . 2007-10-29 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 08:30 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [23/06/2008 17:24 1121536] S2 ievefcn;dtgqv;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 nwddqsgj;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 ohlzzd;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 ynpgfzvwh;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs nwddqsgj ohlzzd ynpgfzvwh ievefcn [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-05-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 19:25] 2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-procexp90.Sys . 
------- Examen supplémentaire ------- . TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-30 23:42 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ievefcn] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwddqsgj] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohlzzd] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynpgfzvwh] "ServiceDll"="c:\windows\system32\mgjkp.dll" . 
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(844) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(7820) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\searchindexer.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . 
Heure de fin: 2009-05-30 23:50 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-30 21:50 Avant-CF: 126 491 959 296 octets libres Après-CF: 126 462 050 304 octets libres 366 --- E O F --- 2009-05-22 18:50
     It crashes in the middle; I am forced to reboot the PC by hand. See you.
  7. Hi, can you repost the link to the file? It has expired. See you.
  8. Hi Falkra, here it is, as agreed:
     ComboFix 09-05-21.01 - administrateur 05/22/2009 1:44.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1525 [GMT 2:00] Running from: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\administrateur.CYBERSTADE\Application Data\.# c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A141A8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A141D8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A14208.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A141A8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A141D8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A14208.### c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013 c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\system32\Ijl11.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll ----- BITS: Possible infected sites ----- hxxp://srv-1 . ((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 ))))))))))))))))))))))))))))))) . 2009-05-20 13:46 . 2009-05-21 23:45 -------- d-sh--r C:\RESTORE 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 
2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-20 05:45 . 2009-05-20 05:45 3544 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok.A9.em.bin 2009-05-19 22:00 . 2009-05-19 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-20 2009-05-18 22:00 . 2009-05-18 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-19 2009-05-17 22:00 . 2009-05-17 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-18 2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-17 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 
2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-15 22:00 . 2009-05-15 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-16 2009-05-14 22:00 . 2009-05-14 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-15 2009-05-13 22:00 . 2009-05-13 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-14 2009-05-12 22:00 . 2009-05-12 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-13 2009-05-12 16:22 . 2009-05-12 16:22 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-36e50021-n\Decora-SSE.dll 2009-05-12 16:22 . 2009-05-12 16:22 24064 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3c017a66-n\Decora-D3D.dll 2009-05-12 16:22 . 2009-05-12 16:22 315392 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl.dll 2009-05-12 16:22 . 
2009-05-12 16:22 20480 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl_awt.dll 2009-05-12 16:22 . 2009-05-12 16:22 114688 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl_cg.dll 2009-05-12 16:22 . 2009-05-12 16:22 499712 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\msvcp71.dll 2009-05-12 16:22 . 2009-05-12 16:22 499712 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\jmc.dll 2009-05-12 16:22 . 2009-05-12 16:22 348160 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\msvcr71.dll 2009-05-12 16:22 . 2009-05-12 16:22 20480 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-27c1967d-n\gluegen-rt.dll 2009-05-11 22:00 . 2009-05-11 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-12 2009-05-10 22:00 . 2009-05-10 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-11 2009-05-09 22:00 . 2009-05-09 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-10 2009-05-08 22:00 . 2009-05-08 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-9 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-08 13:51 . 2009-05-09 22:11 -------- d-----w c:\program files\Ê¢´óÍøÂç 2009-05-07 22:00 . 
2009-05-07 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-8 2009-05-06 22:00 . 2009-05-06 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-7 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok 2009-05-06 17:43 . 2009-05-06 17:43 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Ok-SendMail-Bron-tok 2009-05-06 17:37 . 2009-05-06 17:37 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-6 2009-04-23 15:44 . 2009-04-23 15:45 -------- d-----w c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-19 13:36 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-05-19 13:23 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-17 16:57 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-17 15:51 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-09 22:11 . 2009-05-08 13:51 -------- d-----w c:\program files\Ê¢´óÍøÂç 2009-05-09 22:08 . 
2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-06 18:02 . 2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-28 03:29 . 2009-03-08 18:56 265416 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 
2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-31 07:13 . 2007-10-29 12:00 83924 ----a-w c:\windows\system32\perfc00C.dat 2009-03-31 07:13 . 2007-10-29 12:00 507248 ----a-w c:\windows\system32\perfh00C.dat 2009-03-30 07:12 . 2008-09-27 18:39 -------- d-----w c:\program files\Java 2009-03-30 06:50 . 2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-26 19:10 . 2009-03-26 19:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Download Manager 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-24 09:53 . 2008-06-20 12:16 -------- d-----w c:\program files\Fichiers communs\Adobe 2009-03-23 19:15 . 2009-03-11 20:04 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mumble 2009-03-12 05:44 . 2009-03-12 14:06 1027408 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe 2009-03-12 05:43 . 2009-03-12 14:06 434176 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll 2009-03-09 03:19 . 
2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2009-03-03 22:45 . 2009-03-12 14:06 81920 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-29 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408] "Google Update"="c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760] 
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-29 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [5/20/2009 8:30 AM 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [6/23/2008 5:24 PM 1121536] S2 ievefcn;dtgqv;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 nwddqsgj;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 ohlzzd;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 ynpgfzvwh;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S3 
kiowznvsp;kiowznvsp;\??\c:\windows\system32\03CB.tmp --> c:\windows\system32\03CB.tmp [?] S3 ktmfiaw;ktmfiaw;\??\c:\windows\system32\0640.tmp --> c:\windows\system32\0640.tmp [?] S3 qpkvc;qpkvc;\??\c:\windows\system32\034D.tmp --> c:\windows\system32\034D.tmp [?] S3 qyynu;qyynu;\??\c:\windows\system32\01407.tmp --> c:\windows\system32\01407.tmp [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs nwddqsgj ohlzzd ynpgfzvwh ievefcn [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C631322}] c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe . Contents of the 'Scheduled Tasks' folder 2009-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.startup.homepage - www.google.Fr FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-22 01:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kiowznvsp] "ImagePath"="\??\c:\windows\system32\03CB.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ktmfiaw] "ImagePath"="\??\c:\windows\system32\0640.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpkvc] "ImagePath"="\??\c:\windows\system32\034D.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qyynu] "ImagePath"="\??\c:\windows\system32\01407.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ievefcn] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwddqsgj] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohlzzd] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynpgfzvwh] "ServiceDll"="c:\windows\system32\mgjkp.dll" . --------------------- LOCKED REGISTRY KEYS ---------------------
. --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(844) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(6444) c:\windows\TEMP\logishrd\LVPrcInj01.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wdfmgr.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe . ************************************************************************** . Completion time: 2009-05-21 1:56 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-21 23:56 Pre-Run: 148,751,904,768 octets libres Post-Run: 148,810,395,648 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(2)partition(2)\WINDOWS=Windows XP/2003 327 --- E O F --- 2009-05-21 23:55 I deleted:
  9. Hi. So, the antivirus was deleted by a virus ... also, during cleanup attempts the PC reboots on its own whatever mode is used. Here is the HijackThis log ------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:14:48 AM, on 5/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\winlogon.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\services.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\lsass.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\inetinfo.exe C:\Documents and Settings\administrateur.CYBERSTADE\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" O1 - Hosts: <!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html><head><title>Yahoo! - 503 Service Temporarily Unavailable</title><style> O1 - Hosts: /* nn4 hide */ O1 - Hosts: /*/*/ O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;} O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;} O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px} O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;} O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;} O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;} O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;} O1 - Hosts: /* end nn4 hide */ O1 - Hosts: </style></head> O1 - Hosts: <body><div id="doc"> O1 - Hosts: <div id="ygma"><a href="http://us.rd.yahoo.com/503/*http://www.yahoo.com"><img O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!"></a><div><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a>'>http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a> O1 - Hosts: - <a 
href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Help</a></div></div> O1 - Hosts: <div id="bd"><h1>Sorry, Service Temporarily Unavailable.</h1> O1 - Hosts: The server is temporarily unable to service your O1 - Hosts: request due to maintenance downtime or capacity O1 - Hosts: problems. Please try again later. O1 - Hosts: <P>Additionally, a 503 Service Temporarily Unavailable O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request. O1 - Hosts: <p>Please check the URL for proper spelling and capitalization. If O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the O1 - Hosts: <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home O1 - Hosts: page</a></strong> or look through a list of <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo!'s O1 - Hosts: online services</a></strong>. Also, you may find what you're looking for O1 - Hosts: if you try searching below.</p> O1 - Hosts: <form name="s1" action="http://us.rd.yahoo.com/503/*-http://search.yahoo.com/search"><fieldset> O1 - Hosts: <legend><label for="s1p">Search the Web</label></legend> O1 - Hosts: <input type="text" size=30 name="p" id="s1p" title="enter search terms here"> O1 - Hosts: <input type="submit" value="Search"> O1 - Hosts: <span><a href="http://us.rd.yahoo.com/503/*http://search.yahoo.com/search/options?p=">advanced search</a> <span class=sep>|</span> <a href="http://us.rd.yahoo.com/503/*http://buzz.yahoo.com">most popular</a></span> O1 - Hosts: </fieldset></form> O1 - Hosts: <p class="more">Please try <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo! O1 - Hosts: Help Central</a></strong> if you need more assistance.</p> O1 - Hosts: </div><div id="ft"><p>Copyright © 2009 Yahoo! Inc. O1 - Hosts: All rights reserved. 
<a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy O1 - Hosts: Policy</a> - <a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms O1 - Hosts: of Service</a></p></div> O1 - Hosts: </div></body></html> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exeO4 - HKLM\..\Run: [bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\smss.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: Empty.pif = ? 
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213964242218
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213972808875
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstade.lan
    O17 - HKLM\Software\..\Telephony: DomainName = cyberstade.lan
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADD55CEC-C550-45E6-B74E-A2EFCC644CF7}: NameServer = 192.168.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstade.lan
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cyberstade.lan
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp2\bin\mysql\mysql5.1.30\bin\mysqld.exe
    -- End of file - 13225 bytes

    Ran rhosts without much success / mbam finds nothing.

    Regards
  10. Good evening. I wanted to know whether it is normal, with the following configuration, to get 5/6 FPS in World of Warcraft:

    Ordinateur:
      Système d'exploitation Microsoft Windows XP Home Edition
      Service Pack du système Service Pack 2
      DirectX 4.09.00.0904 (DirectX 9.0c)
      Nom du système ACER-FE8B363750
      Nom de l'utilisateur thomas
    Carte mère:
      Type de processeur Intel Celeron D 346, 3066 MHz (23 x 133)
      Nom de la carte mère ECS 661GX-M7 / 661GX/800-M7 (3 PCI, 1 AGP, 1 CNR, 2 DDR DIMM, Audio, Video, LAN)
      Chipset de la carte mère SiS 661GX
      Mémoire système 960 Mo (PC3200 DDR SDRAM)
      Type de BIOS Award (03/28/06)
      Port de communication Port de communication (COM1)
      Port de communication Port de communication (COM2)
      Port de communication Port imprimante ECP (LPT1)
    Moniteur:
      Carte vidéo SiS 661FX/GX Mirage Graphics (64 Mo)
      Accélérateur 3D SiS 330 Mirage Integrated
      Moniteur Écran Plug-and-Play [NoDB] (65103180)
    Multimédia:
      Carte audio SiS 7012 Audio Device
    Stockage:
      Contrôleur IDE Contrôleur SiS PCI IDE
      Contrôleur SCSI/RAID SiS 180/181 RAID Controller
      Disque dur Generic USB SD Reader USB Device
      Disque dur Generic USB CF Reader USB Device
      Disque dur Generic USB SM Reader USB Device
      Disque dur Generic USB MS Reader USB Device
      Disque dur WDC WD20 00JS-22NCB1 SCSI Disk Device (186 Go)
      Lecteur optique LITE-ON DVDRW SHW-160P6S
      État des disques durs SMART FAIL
    Partitions:
      C: (NTFS) 190779 Mo (167051 Mo libre)
    Entrée:
      Clavier Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
      Souris Souris compatible PS/2
    Réseau:
      Carte réseau 802.11g USB 2.0 Wireless LAN Adapter (192.168.1.5)
    Périphériques:
      Imprimante Microsoft Office Document Image Writer
      Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
      Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
      Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
      Contrôleur USB2 SiS 7002 USB 2.0 Enhanced Host Controller
      Périphérique USB 802.11g USB 2.0 Wireless LAN Adapter
      Périphérique USB Périphérique de stockage de masse USB

    If you have a solution, I'm all ears.

    Regards
  11. Hello Falkra, Crob-Mi. Sorry for butting in, Falkra.

    @Crob-Mi Disable UAC (User Account Control), and above all remember to re-enable it after the disinfection.

    Start > Control Panel
    Click User Accounts
    Click User Accounts again (*In "Classic" view: Control Panel >> double-click "User Accounts")
    Click Turn User Account Control on or off (at the bottom)
    Uncheck the box Use User Account Control to help protect your computer
    Click OK to confirm (**If UAC was already disabled, click "Cancel", close the Control Panel and move on to the next step; no restart required)
    You will be prompted to restart the computer; click OK. Your computer must now restart.

    Once it has restarted, delete the directory C:\Program Files (x86)\MSNFix\ and then run msnfix.exe again using right-click > Run as administrator.

    Once the installation has finished, do the same to launch the file msnfix.bat.

    See you
  12. eclypse

    antivir in French

    Hi! Right, to keep it brief, quick and concise: here (page of the server hosting the download), here (whois of antivir's main domain name), here (whois of the domain name for antivir's updates, which is where the file is stored). Compare them, and a word to the wise. See you
  13. Re. The report is incomplete ... post me the contents of the file resultat.txt, which should be in c:\. See you