Aller au contenu

eclypse

Membres / développeurs
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    696

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par eclypse

  1. eclypse
    Bonjour Alors après avoir mes mises à jour de windows après un formatage et une reinstallation complete celui ci me lance le processus narateur.exe a chaque demarage de ma session. que dois je faire ? a part supprimer le fichier incriminé Cordialement
  2. eclypse

    salut les anciens

  3. eclypse
    Salut pear et chessbrain avptool est dipo ici mais pas sur ton lien pear bonne journée
  4. eclypse
    Bonjour Voila je cherches le dvd 3 d'un ACER 5738ZG je ne retrouves plus le mien existe t'il un moyen autre que de gaspiller 60 eurors ... De plus existe t'il une méthode pour reformater la table de partition comme à l'origine car la je ne vois plus pqservice Cordialement
  5. eclypse
    Re Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:10:46, on 03/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Mozilla Firefox\firefox.exe \Srv-1\cyberstade\Install PC\executable\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242961011733 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242960972179 O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstade.lan O17 - HKLM\Software\..\Telephony: DomainName = cyberstade.lan O17 - HKLM\System\CCS\Services\Tcpip\..\{ADD55CEC-C550-45E6-B74E-A2EFCC644CF7}: NameServer = 192.168.0.100 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstade.lan O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cyberstade.lan O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cyberstade.lan O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5881 bytes Par contre le combofix a planté au milieu .... reboot manuel du PC Cordialemnt
  6. eclypse
    ComboFix 09-05-30.03 - administrateur 03/06/2009 5:26.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1532 [GMT 2:00] Lancé depuis: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe Commutateurs utilisés :: \\Srv-1\cyberstade\Install PC\CFscript2.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\mgjkp.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IEVEFCN -------\Legacy_NWDDQSGJ -------\Legacy_OHLZZD -------\Legacy_YNPGFZVWH -------\Service_ievefcn -------\Service_nwddqsgj -------\Service_ohlzzd -------\Service_ynpgfzvwh ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-03 au 2009-06-03 )))))))))))))))))))))))))))))))))))) . 2009-06-02 12:29 . 2009-06-02 12:29 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\AbiSuite 2009-06-02 12:28 . 2009-06-02 12:29 -------- d-----w c:\program files\AbiSuite2 2009-05-30 20:06 . 2008-12-17 05:55 195096 ----a-w c:\windows\system32\lvci11901262.dll 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\program files\ma-config.com 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-05-30 19:55 . 2009-05-30 20:11 194648 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-30 19:47 . 2009-05-30 19:47 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-30 18:04 . 2009-05-30 18:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Rockstar Games 2009-05-30 18:00 . 2008-05-30 12:19 507400 ----a-w c:\windows\system32\XAudio2_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 65032 ----a-w c:\windows\system32\XAPOFX1_0.dll 2009-05-30 18:00 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 25608 ----a-w c:\windows\system32\X3DAudio1_4.dll 2009-05-30 18:00 . 2008-05-30 12:11 467984 ----a-w c:\windows\system32\d3dx10_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 3850760 ----a-w c:\windows\system32\D3DX9_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 1491992 ----a-w c:\windows\system32\D3DCompiler_38.dll 2009-05-30 17:59 . 2009-05-30 17:59 -------- d-----w c:\windows\Logs 2009-05-30 17:57 . 2009-05-30 17:59 -------- d-----w C:\29a1abc75369e977bf14 2009-05-30 17:57 . 2009-05-30 17:57 -------- d-----w c:\windows\system32\xlive 2009-05-30 17:57 . 2009-05-30 18:17 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-05-30 17:30 . 2009-05-30 17:30 -------- d-----w c:\program files\Rockstar Games 2009-05-23 05:58 . 2009-05-23 05:58 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IECompatCache 2009-05-22 17:45 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-05-22 15:23 . 2009-05-22 15:23 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Search 2009-05-22 09:35 . 2009-05-22 09:35 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\PrivacIE 2009-05-22 08:58 . 2009-05-22 08:58 -------- d-----r c:\documents and settings\LocalService\Favoris 2009-05-22 05:28 . 2008-06-14 17:33 272768 -c----w c:\windows\system32\dllcache\bthport.sys 2009-05-22 05:28 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-05-22 05:28 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 05:28 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-05-22 05:28 . 2008-10-15 16:35 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\l2schemas 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\fr 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\bits 2009-05-22 05:10 . 2009-05-22 05:12 -------- d-----w c:\windows\ServicePackFiles 2009-05-22 05:03 . 2009-05-22 05:03 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-22 05:02 . 2009-05-22 05:02 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IETldCache 2009-05-22 04:04 . 2009-05-22 04:05 -------- d-----w C:\16419f3366b669dd913e6a2c08a705 2009-05-22 03:55 . 2009-05-22 03:55 -------- d-----w c:\windows\ie8updates 2009-05-22 03:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-22 03:54 . 2009-05-22 03:55 -------- dc-h--w c:\windows\ie8 2009-05-22 03:47 . 2009-05-22 03:48 -------- d-----w C:\256db5ca899894069a119cd228fb 2009-05-22 03:41 . 2009-06-02 14:44 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Tracing 2009-05-22 03:38 . 2009-05-22 03:38 -------- d-----w c:\program files\Windows Live SkyDrive 2009-05-22 03:37 . 2009-05-22 03:37 -------- d-----w c:\program files\Fichiers communs\Windows Live 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft Silverlight 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft 2009-05-22 03:35 . 2009-05-22 04:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-22 03:35 . 2009-05-22 03:35 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\windows\system32\GroupPolicy 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-22 03:32 . 2009-05-22 03:34 -------- d-----w C:\ad6055a07064651d0d439eadb8bc 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w C:\25b94b873eb42f49d1e534d39de5 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w c:\windows\system32\drivers\UMDF 2009-05-22 03:30 . 2009-05-22 03:31 -------- d-----w C:\4b5f7b9cb3ff552b648fc199 2009-05-22 03:02 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-05-22 03:01 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-05-22 00:31 . 2009-05-22 00:31 -------- d-----w c:\windows\ERUNT 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-02 16:52 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-06-02 12:48 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-06-02 09:28 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-01 17:46 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-30 20:07 . 2008-06-20 13:13 -------- d-----w c:\program files\Fichiers communs\LogiShrd 2009-05-30 20:06 . 2008-06-20 13:13 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-05-30 20:06 . 2008-10-28 03:35 -------- d-----w c:\program files\Logitech 2009-05-30 18:01 . 2008-11-12 09:49 107888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-05-30 17:30 . 2008-06-20 12:04 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-28 21:45 . 2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-22 18:57 . 2007-10-29 12:00 80956 ----a-w c:\windows\system32\perfc00C.dat 2009-05-22 18:57 . 2007-10-29 12:00 503690 ----a-w c:\windows\system32\perfh00C.dat 2009-05-22 08:46 . 2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-22 05:13 . 2008-06-20 11:47 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-22 03:57 . 2008-06-20 12:55 -------- d-----w c:\program files\Microsoft Works 2009-05-22 03:55 . 2008-09-27 18:00 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-05-22 03:38 . 2008-06-20 14:28 -------- d-----w c:\program files\Windows Live 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-23 15:45 . 2009-04-23 15:44 -------- d-----w c:\program files\QuickTime 2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll 2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-30 06:50 . 2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-09 03:19 . 2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 02:34 . 2007-10-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2007-10-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2007-10-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2007-10-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2007-10-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2007-10-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2007-10-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2007-10-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2007-10-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2007-10-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:20 . 2007-10-29 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((( SnapShot@2009-05-30_21.42.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 03:32 . 2009-06-03 03:32 16384 c:\windows\temp\Perflib_Perfdata_738.dat + 2009-06-03 03:32 . 2008-12-16 19:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll - 2009-05-30 21:41 . 2008-12-16 19:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 08:30 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [23/06/2008 17:24 1121536] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-06-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 19:25] 2009-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . . ------- Examen supplémentaire ------- . TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 05:37 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1881933800-2416438935-2271469046-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,90,41,5b,e7,ed,b0,45,bb,9a,af,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,90,41,5b,e7,ed,b0,45,bb,9a,af,\ [HKEY_USERS\S-1-5-21-1881933800-2416438935-2271469046-500\Software\SecuROM\License information*] "datasecu"=hex:83,ec,ce,39,4b,d4,02,df,c9,8b,5f,c4,34,9e,15,e0,31,47,75,5c,4d, e8,0b,97,f3,71,bb,08,b2,38,21,39,36,ca,c2,78,f0,ce,c7,82,54,5b,67,38,93,f6,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,bb,88,18,06,dd, 4b,f0,93,c8,28,51,af,b0,29,a3,98,91,45,1c,27,36,e6,56,ae,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,82,d8,95,42,f2, e4,97,e5,71,3b,04,66,8b,46,0d,96,98,ba,db,16,95,bb,83,90,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2d,c7,52,d5,9e, c1,c8,1e,25,da,ec,7e,55,20,c9,26,86,c2,2f,d6,d9,02,80,0c,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,3a,0e,72,1e,ad, f3,97,8d,3e,1e,9e,e0,57,5a,93,61,ed,4e,f5,a8,e1,42,c6,c9,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,88,b3,35,eb,5a, ab,6c,1d,cd,44,cd,b9,a6,33,6c,cd,d7,78,b5,af,b8,3f,38,8e,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,22,92,7e,cf,04, a9,42,8a,b0,18,ed,a7,3f,8d,37,a4,15,b0,8e,ab,d9,bc,e5,e0,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e2,0b,04,1b,79, 5a,0d,74,31,77,e1,ba,b1,f8,68,02,d4,8a,7e,0e,0a,d3,c9,b7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e6,a2,ec,fe,b7, be,c9,81,83,6c,56,8b,a0,85,96,ab,ac,fb,9b,d3,ad,41,3f,00,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,2a,47,03,c8,76, f4,f5,ac,51,fa,6e,91,28,9e,14,cc,05,8b,26,22,94,bb,8c,0e,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b0,3a,03,c3,59, a8,0b,e6,b1,cd,45,5a,a8,c4,f8,b9,e9,df,bb,fc,07,ec,94,f5,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,55,74,c9,fe,f3, 65,cb,c2,e3,0e,66,d5,eb,bc,2f,6b,22,69,2b,f6,93,82,b9,70,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a6,8c,b1,15,ea, 61,8e,9e,fa,ea,66,7f,d4,3b,6b,70,0c,a6,e1,4d,70,d4,72,e6,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(840) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(8084) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\wpdshext.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\searchindexer.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Heure de fin: 2009-06-03 5:44 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-03 03:44 ComboFix2.txt 2009-05-30 22:11 ComboFix3.txt 2009-05-30 21:50 Avant-CF: 127 405 252 608 octets libres Après-CF: 127 233 998 848 octets libres 349 --- E O F --- 2009-05-22 18:50
  7. eclypse
    Salut ComboFix 09-05-30.03 - administrateur 30/05/2009 23:24.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1616 [GMT 2:00] Lancé depuis: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\administrateur.CYBERSTADE\Bureau\CFscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif" "c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe" "c:\windows\system32\01407.tmp" "c:\windows\system32\034D.tmp" "c:\windows\system32\03CB.tmp" "c:\windows\system32\0640.tmp" "c:\windows\system32\mgjkp.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Ê¢´óÍøÂç C:\RESTORE c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-30 )))))))))))))))))))))))))))))))))))) . 2009-05-30 20:06 . 2008-12-17 05:55 195096 ----a-w c:\windows\system32\lvci11901262.dll 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\program files\ma-config.com 2009-05-30 20:02 . 2009-05-30 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-05-30 19:55 . 2009-05-30 20:11 194648 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-30 19:47 . 2009-05-30 19:47 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-30 18:04 . 2009-05-30 18:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Rockstar Games 2009-05-30 18:00 . 2008-05-30 12:19 507400 ----a-w c:\windows\system32\XAudio2_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 65032 ----a-w c:\windows\system32\XAPOFX1_0.dll 2009-05-30 18:00 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll 2009-05-30 18:00 . 2008-05-30 12:17 25608 ----a-w c:\windows\system32\X3DAudio1_4.dll 2009-05-30 18:00 . 2008-05-30 12:11 467984 ----a-w c:\windows\system32\d3dx10_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 3850760 ----a-w c:\windows\system32\D3DX9_38.dll 2009-05-30 18:00 . 2008-05-30 12:11 1491992 ----a-w c:\windows\system32\D3DCompiler_38.dll 2009-05-30 17:59 . 2009-05-30 17:59 -------- d-----w c:\windows\Logs 2009-05-30 17:57 . 2009-05-30 17:59 -------- d-----w C:\29a1abc75369e977bf14 2009-05-30 17:57 . 2009-05-30 17:57 -------- d-----w c:\windows\system32\xlive 2009-05-30 17:57 . 2009-05-30 18:17 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-05-30 17:30 . 2009-05-30 17:30 -------- d-----w c:\program files\Rockstar Games 2009-05-23 05:58 . 2009-05-23 05:58 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IECompatCache 2009-05-22 17:45 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-05-22 15:23 . 2009-05-22 15:23 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Search 2009-05-22 09:35 . 2009-05-22 09:35 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\PrivacIE 2009-05-22 08:58 . 2009-05-22 08:58 -------- d-----r c:\documents and settings\LocalService\Favoris 2009-05-22 05:28 . 2008-06-14 17:33 272768 -c----w c:\windows\system32\dllcache\bthport.sys 2009-05-22 05:28 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-05-22 05:28 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 05:28 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-05-22 05:28 . 2008-10-15 16:35 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\l2schemas 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\fr 2009-05-22 05:12 . 2009-05-22 05:12 -------- d-----w c:\windows\system32\bits 2009-05-22 05:10 . 2009-05-22 05:12 -------- d-----w c:\windows\ServicePackFiles 2009-05-22 05:03 . 2009-05-22 05:03 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-22 05:02 . 2009-05-22 05:02 -------- d-sh--w c:\documents and settings\administrateur.CYBERSTADE\IETldCache 2009-05-22 04:04 . 2009-05-22 04:05 -------- d-----w C:\16419f3366b669dd913e6a2c08a705 2009-05-22 03:55 . 2009-05-22 03:55 -------- d-----w c:\windows\ie8updates 2009-05-22 03:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-22 03:54 . 2009-05-22 03:55 -------- dc-h--w c:\windows\ie8 2009-05-22 03:47 . 2009-05-22 03:48 -------- d-----w C:\256db5ca899894069a119cd228fb 2009-05-22 03:41 . 2009-05-30 20:31 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Tracing 2009-05-22 03:38 . 2009-05-22 03:38 -------- d-----w c:\program files\Windows Live SkyDrive 2009-05-22 03:37 . 2009-05-22 03:37 -------- d-----w c:\program files\Fichiers communs\Windows Live 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft Silverlight 2009-05-22 03:36 . 2009-05-22 03:36 -------- d-----w c:\program files\Microsoft 2009-05-22 03:35 . 2009-05-22 04:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-22 03:35 . 2009-05-22 03:35 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Desktop Search 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\windows\system32\GroupPolicy 2009-05-22 03:34 . 2009-05-22 03:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-22 03:32 . 2009-05-22 03:34 -------- d-----w C:\ad6055a07064651d0d439eadb8bc 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w C:\25b94b873eb42f49d1e534d39de5 2009-05-22 03:31 . 2009-05-22 03:32 -------- d-----w c:\windows\system32\drivers\UMDF 2009-05-22 03:30 . 2009-05-22 03:31 -------- d-----w C:\4b5f7b9cb3ff552b648fc199 2009-05-22 03:02 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-05-22 03:01 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-05-22 00:31 . 2009-05-22 00:31 -------- d-----w c:\windows\ERUNT 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-30 20:07 . 2008-06-20 13:13 -------- d-----w c:\program files\Fichiers communs\LogiShrd 2009-05-30 20:06 . 2008-06-20 13:13 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-05-30 20:06 . 2008-10-28 03:35 -------- d-----w c:\program files\Logitech 2009-05-30 18:01 . 2008-11-12 09:49 107888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-05-30 17:30 . 2008-06-20 12:04 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-30 10:08 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-05-30 01:02 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-05-29 23:02 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-28 21:45 . 2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-27 22:09 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-22 18:57 . 2007-10-29 12:00 80956 ----a-w c:\windows\system32\perfc00C.dat 2009-05-22 18:57 . 2007-10-29 12:00 503690 ----a-w c:\windows\system32\perfh00C.dat 2009-05-22 08:46 . 2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-22 05:13 . 2008-06-20 11:47 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-22 03:57 . 2008-06-20 12:55 -------- d-----w c:\program files\Microsoft Works 2009-05-22 03:55 . 2008-09-27 18:00 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-05-22 03:38 . 2008-06-20 14:28 -------- d-----w c:\program files\Windows Live 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-23 15:45 . 2009-04-23 15:44 -------- d-----w c:\program files\QuickTime 2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll 2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-30 06:50 . 2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-09 03:19 . 2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 02:34 . 2007-10-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2007-10-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2007-10-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2007-10-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2007-10-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2007-10-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2007-10-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2007-10-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2007-10-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2007-10-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:20 . 2007-10-29 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 08:30 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [23/06/2008 17:24 1121536] S2 ievefcn;dtgqv;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 nwddqsgj;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 ohlzzd;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S2 ynpgfzvwh;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [29/10/2007 14:00 14336] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs nwddqsgj ohlzzd ynpgfzvwh ievefcn [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-05-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 19:25] 2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-procexp90.Sys . ------- Examen supplémentaire ------- . TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-30 23:42 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ievefcn] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwddqsgj] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohlzzd] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynpgfzvwh] "ServiceDll"="c:\windows\system32\mgjkp.dll" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1881933800-2416438935-2271469046-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,90,41,5b,e7,ed,b0,45,bb,9a,af,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,90,41,5b,e7,ed,b0,45,bb,9a,af,\ [HKEY_USERS\S-1-5-21-1881933800-2416438935-2271469046-500\Software\SecuROM\License information*] "datasecu"=hex:83,ec,ce,39,4b,d4,02,df,c9,8b,5f,c4,34,9e,15,e0,31,47,75,5c,4d, e8,0b,97,f3,71,bb,08,b2,38,21,39,36,ca,c2,78,f0,ce,c7,82,54,5b,67,38,93,f6,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,bb,88,18,06,dd, 4b,f0,93,c8,28,51,af,b0,29,a3,98,91,45,1c,27,36,e6,56,ae,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,82,d8,95,42,f2, e4,97,e5,71,3b,04,66,8b,46,0d,96,98,ba,db,16,95,bb,83,90,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2d,c7,52,d5,9e, c1,c8,1e,25,da,ec,7e,55,20,c9,26,86,c2,2f,d6,d9,02,80,0c,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,3a,0e,72,1e,ad, f3,97,8d,3e,1e,9e,e0,57,5a,93,61,ed,4e,f5,a8,e1,42,c6,c9,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,88,b3,35,eb,5a, ab,6c,1d,cd,44,cd,b9,a6,33,6c,cd,d7,78,b5,af,b8,3f,38,8e,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,22,92,7e,cf,04, a9,42,8a,b0,18,ed,a7,3f,8d,37,a4,15,b0,8e,ab,d9,bc,e5,e0,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e2,0b,04,1b,79, 5a,0d,74,31,77,e1,ba,b1,f8,68,02,d4,8a,7e,0e,0a,d3,c9,b7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e6,a2,ec,fe,b7, be,c9,81,83,6c,56,8b,a0,85,96,ab,ac,fb,9b,d3,ad,41,3f,00,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,2a,47,03,c8,76, f4,f5,ac,51,fa,6e,91,28,9e,14,cc,05,8b,26,22,94,bb,8c,0e,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b0,3a,03,c3,59, a8,0b,e6,b1,cd,45,5a,a8,c4,f8,b9,e9,df,bb,fc,07,ec,94,f5,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,55,74,c9,fe,f3, 65,cb,c2,e3,0e,66,d5,eb,bc,2f,6b,22,69,2b,f6,93,82,b9,70,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a6,8c,b1,15,ea, 61,8e,9e,fa,ea,66,7f,d4,3b,6b,70,0c,a6,e1,4d,70,d4,72,e6,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(844) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(7820) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\searchindexer.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Heure de fin: 2009-05-30 23:50 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-30 21:50 Avant-CF: 126 491 959 296 octets libres Après-CF: 126 462 050 304 octets libres 366 --- E O F --- 2009-05-22 18:50 il plante o milieu obliger de reboot le pc à la main @+
  8. eclypse
    Salut Peux tu remettre le lien du fichier il est expiré @+
  9. eclypse
    Salut Falkra Voila comme convenu ComboFix 09-05-21.01 - administrateur 05/22/2009 1:44.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1525 [GMT 2:00] Running from: c:\documents and settings\administrateur.CYBERSTADE\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\administrateur.CYBERSTADE\Application Data\.# c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A141A8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A141D8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1708@A14208.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A141A8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A141D8.### c:\documents and settings\administrateur.CYBERSTADE\Application Data\.#\MBX@1FA4@A14208.### c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013 c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\system32\Ijl11.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll ----- BITS: Possible infected sites ----- hxxp://srv-1 . ((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 ))))))))))))))))))))))))))))))) . 2009-05-20 13:46 . 2009-05-21 23:45 -------- d-sh--r C:\RESTORE 2009-05-20 12:04 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 12:04 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 12:04 . 2009-05-20 12:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 09:56 . 2009-05-20 10:03 -------- d-----w c:\program files\Woonoz 2009-05-20 06:30 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-20 06:30 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-20 06:30 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-20 06:30 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\program files\Avira 2009-05-20 06:30 . 2009-05-20 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-20 05:45 . 2009-05-20 05:45 3544 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok.A9.em.bin 2009-05-19 22:00 . 2009-05-19 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-20 2009-05-18 22:00 . 2009-05-18 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-19 2009-05-17 22:00 . 2009-05-17 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-18 2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-17 2009-05-16 09:05 . 2009-05-16 09:05 8854 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\Uninstall_Namco_Muse_6FD27D5CCAFD4721825FD0DDE6C960D2.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe1_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ffe.exe_2FCAB582E6F945AF988D869015108473.exe 2009-05-16 09:05 . 2009-05-16 09:05 19518 ----a-r c:\documents and settings\administrateur.CYBERSTADE\Application Data\Microsoft\Installer\{6FD27D5C-CAFD-4721-825F-D0DDE6C960D2}\ARPPRODUCTICON.exe 2009-05-16 09:05 . 2009-05-16 09:05 -------- d-----w c:\program files\Namco 2009-05-15 22:00 . 2009-05-15 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-16 2009-05-14 22:00 . 2009-05-14 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-15 2009-05-13 22:00 . 2009-05-13 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-14 2009-05-12 22:00 . 2009-05-12 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-13 2009-05-12 16:22 . 2009-05-12 16:22 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-36e50021-n\Decora-SSE.dll 2009-05-12 16:22 . 2009-05-12 16:22 24064 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3c017a66-n\Decora-D3D.dll 2009-05-12 16:22 . 2009-05-12 16:22 315392 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl.dll 2009-05-12 16:22 . 2009-05-12 16:22 20480 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl_awt.dll 2009-05-12 16:22 . 2009-05-12 16:22 114688 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5a1a7d5f-n\jogl_cg.dll 2009-05-12 16:22 . 2009-05-12 16:22 499712 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\msvcp71.dll 2009-05-12 16:22 . 2009-05-12 16:22 499712 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\jmc.dll 2009-05-12 16:22 . 2009-05-12 16:22 348160 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5bf2b31c-n\msvcr71.dll 2009-05-12 16:22 . 2009-05-12 16:22 20480 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-27c1967d-n\gluegen-rt.dll 2009-05-11 22:00 . 2009-05-11 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-12 2009-05-10 22:00 . 2009-05-10 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-11 2009-05-09 22:00 . 2009-05-09 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-10 2009-05-08 22:00 . 2009-05-08 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-9 2009-05-08 14:38 . 2009-05-08 14:38 -------- d-----w c:\program files\CCleaner 2009-05-08 13:51 . 2009-05-09 22:11 -------- d-----w c:\program files\Ê¢´óÍøÂç 2009-05-07 22:00 . 2009-05-07 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-8 2009-05-06 22:00 . 2009-05-06 22:00 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-7 2009-05-06 17:43 . 2009-05-19 10:21 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Loc.Mail.Bron.Tok 2009-05-06 17:43 . 2009-05-06 17:43 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Ok-SendMail-Bron-tok 2009-05-06 17:37 . 2009-05-06 17:37 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Bron.tok-9-6 2009-04-23 15:44 . 2009-04-23 15:45 -------- d-----w c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-21 12:54 . 2008-11-20 18:42 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\U3 2009-05-20 19:47 . 2009-02-06 14:00 -------- d-----w c:\program files\World of Warcraft 2009-05-19 13:36 . 2009-02-03 14:01 1 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-05-19 13:23 . 2009-01-15 12:51 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-17 16:57 . 2008-09-29 16:46 -------- d-----w c:\program files\Warcraft III 2009-05-17 15:51 . 2009-04-11 18:26 -------- d-----w c:\program files\Garena 2009-05-16 09:04 . 2008-06-20 11:54 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-05-13 13:33 . 2008-09-27 17:57 -------- d-----w c:\program files\Dofus 2009-05-09 22:11 . 2009-05-08 13:51 -------- d-----w c:\program files\Ê¢´óÍøÂç 2009-05-09 22:08 . 2008-09-27 02:07 91568 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 15:20 . 2008-09-28 23:21 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2009-05-08 15:17 . 2009-01-15 12:51 -------- d-----w c:\program files\Google 2009-05-08 14:49 . 2008-08-01 07:19 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-08 10:48 . 2008-11-12 09:25 -------- d-----w c:\program files\L'Entraîneur 2006 2009-05-06 18:02 . 2008-06-20 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-03 20:01 . 2008-11-20 10:33 -------- d-----w c:\program files\Steam 2009-04-28 03:29 . 2009-03-08 18:56 265416 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-27 18:59 . 2008-12-02 01:32 -------- d-----w c:\program files\Curse 2009-04-25 18:28 . 2009-03-11 20:17 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\teamspeak2 2009-04-16 17:51 . 2009-04-16 17:44 -------- d-----w c:\program files\Metin2_France 2009-04-10 14:03 . 2009-01-06 10:56 334912 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll 2009-04-10 14:02 . 2009-01-06 10:56 171072 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\uix86.dll 2009-04-10 14:02 . 2008-09-28 20:36 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-10 14:02 . 2008-09-28 20:35 189784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-10 14:02 . 2009-01-06 10:56 874660 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbcl.dll 2009-04-10 14:02 . 2009-01-06 10:56 57344 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbag.dll 2009-04-10 14:02 . 2009-01-06 10:56 479232 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\pb\pbsv.dll 2009-04-10 14:02 . 2009-01-06 10:56 2669632 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\id Software\quakelive\home\baseq3\quakelive.dll 2009-04-10 13:57 . 2008-09-28 20:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:44 . 2008-09-28 20:36 22328 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\PnkBstrK.sys 2009-04-10 13:43 . 2008-09-28 20:35 2246144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-31 07:13 . 2007-10-29 12:00 83924 ----a-w c:\windows\system32\perfc00C.dat 2009-03-31 07:13 . 2007-10-29 12:00 507248 ----a-w c:\windows\system32\perfh00C.dat 2009-03-30 07:12 . 2008-09-27 18:39 -------- d-----w c:\program files\Java 2009-03-30 06:50 . 2009-03-30 06:50 152576 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-26 19:10 . 2009-03-26 19:09 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Download Manager 2009-03-25 08:46 . 2009-03-25 08:46 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll 2009-03-24 09:53 . 2008-06-20 12:16 -------- d-----w c:\program files\Fichiers communs\Adobe 2009-03-23 19:15 . 2009-03-11 20:04 -------- d-----w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mumble 2009-03-12 05:44 . 2009-03-12 14:06 1027408 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe 2009-03-12 05:43 . 2009-03-12 14:06 434176 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll 2009-03-09 03:19 . 2008-12-14 12:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-05 22:45 . 2009-03-05 22:45 12800 ----a-w c:\documents and settings\administrateur.CYBERSTADE\Application Data\Thinstall\Quake III Arena\4000003da00002i\quake3.exe 2009-03-03 22:45 . 2009-03-12 14:06 81920 ----a-w c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll 2008-09-27 03:56 . 2008-09-27 03:56 15397 ----a-w c:\program files\settings.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-29 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408] "Google Update"="c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-29 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] [HKLM\~\startupfolder\C:^Documents and Settings^administrateur.CYBERSTADE^Menu Démarrer^Programmes^Démarrage^Empty.pif] path=c:\documents and settings\administrateur.CYBERSTADE\Menu Démarrer\Programmes\Démarrage\Empty.pif backup=c:\windows\pss\Empty.pifStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [5/20/2009 8:30 AM 108289] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [6/23/2008 5:24 PM 1121536] S2 ievefcn;dtgqv;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 nwddqsgj;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 ohlzzd;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S2 ynpgfzvwh;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [10/29/2007 2:00 PM 14336] S3 kiowznvsp;kiowznvsp;\??\c:\windows\system32\03CB.tmp --> c:\windows\system32\03CB.tmp [?] S3 ktmfiaw;ktmfiaw;\??\c:\windows\system32\0640.tmp --> c:\windows\system32\0640.tmp [?] S3 qpkvc;qpkvc;\??\c:\windows\system32\034D.tmp --> c:\windows\system32\034D.tmp [?] S3 qyynu;qyynu;\??\c:\windows\system32\01407.tmp --> c:\windows\system32\01407.tmp [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs nwddqsgj ohlzzd ynpgfzvwh ievefcn [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C631322}] c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\bob.exe . Contents of the 'Scheduled Tasks' folder 2009-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1881933800-2416438935-2271469046-500.job - c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 21:47] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {ADD55CEC-C550-45E6-B74E-A2EFCC644CF7} = 192.168.0.100 FF - ProfilePath - c:\documents and settings\administrateur.CYBERSTADE\Application Data\Mozilla\Firefox\Profiles\arl8etxo.default\ FF - prefs.js: browser.startup.homepage - www.google.Fr FF - plugin: c:\documents and settings\administrateur.CYBERSTADE\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-22 01:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kiowznvsp] "ImagePath"="\??\c:\windows\system32\03CB.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ktmfiaw] "ImagePath"="\??\c:\windows\system32\0640.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpkvc] "ImagePath"="\??\c:\windows\system32\034D.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qyynu] "ImagePath"="\??\c:\windows\system32\01407.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ievefcn] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwddqsgj] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohlzzd] "ServiceDll"="c:\windows\system32\mgjkp.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynpgfzvwh] "ServiceDll"="c:\windows\system32\mgjkp.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,bb,88,18,06,dd, 4b,f0,93,c8,28,51,af,b0,29,a3,98,91,45,1c,27,36,e6,56,ae,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,82,d8,95,42,f2, e4,97,e5,71,3b,04,66,8b,46,0d,96,98,ba,db,16,95,bb,83,90,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2d,c7,52,d5,9e, c1,c8,1e,25,da,ec,7e,55,20,c9,26,86,c2,2f,d6,d9,02,80,0c,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,3a,0e,72,1e,ad, f3,97,8d,3e,1e,9e,e0,57,5a,93,61,ed,4e,f5,a8,e1,42,c6,c9,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,88,b3,35,eb,5a, ab,6c,1d,cd,44,cd,b9,a6,33,6c,cd,d7,78,b5,af,b8,3f,38,8e,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,22,92,7e,cf,04, a9,42,8a,b0,18,ed,a7,3f,8d,37,a4,15,b0,8e,ab,d9,bc,e5,e0,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e2,0b,04,1b,79, 5a,0d,74,31,77,e1,ba,b1,f8,68,02,d4,8a,7e,0e,0a,d3,c9,b7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e6,a2,ec,fe,b7, be,c9,81,83,6c,56,8b,a0,85,96,ab,ac,fb,9b,d3,ad,41,3f,00,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,2a,47,03,c8,76, f4,f5,ac,51,fa,6e,91,28,9e,14,cc,05,8b,26,22,94,bb,8c,0e,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b0,3a,03,c3,59, a8,0b,e6,b1,cd,45,5a,a8,c4,f8,b9,e9,df,bb,fc,07,ec,94,f5,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,55,74,c9,fe,f3, 65,cb,c2,e3,0e,66,d5,eb,bc,2f,6b,22,69,2b,f6,93,82,b9,70,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a6,8c,b1,15,ea, 61,8e,9e,fa,ea,66,7f,d4,3b,6b,70,0c,a6,e1,4d,70,d4,72,e6,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(844) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(6444) c:\windows\TEMP\logishrd\LVPrcInj01.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wdfmgr.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe . ************************************************************************** . Completion time: 2009-05-21 1:56 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-21 23:56 Pre-Run: 148,751,904,768 octets libres Post-Run: 148,810,395,648 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(2)partition(2)\WINDOWS=Windows XP/2003 327 --- E O F --- 2009-05-21 23:55 J'ai effacer :
  10. eclypse
    Salut Alors voila l'antivirus à été delete par un virus ... de plus lors de tentative de nettoyage le pc redemarre tout seul quelque soit le mode utilisé Voici le log hijackthis ------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:14:48 AM, on 5/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\winlogon.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\services.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\lsass.exe C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\inetinfo.exe C:\Documents and Settings\administrateur.CYBERSTADE\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" O1 - Hosts: <!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html><head><title>Yahoo! - 503 Service Temporarily Unavailable</title><style> O1 - Hosts: /* nn4 hide */ O1 - Hosts: /*/*/ O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;} O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;} O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px} O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;} O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;} O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;} O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;} O1 - Hosts: /* end nn4 hide */ O1 - Hosts: </style></head> O1 - Hosts: <body><div id="doc"> O1 - Hosts: <div id="ygma"><a href="http://us.rd.yahoo.com/503/*http://www.yahoo.com"><img O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!"></a><div><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a>'>http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a> O1 - Hosts: - <a href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Help</a></div></div> O1 - Hosts: <div id="bd"><h1>Sorry, Service Temporarily Unavailable.</h1> O1 - Hosts: The server is temporarily unable to service your O1 - Hosts: request due to maintenance downtime or capacity O1 - Hosts: problems. Please try again later. O1 - Hosts: <P>Additionally, a 503 Service Temporarily Unavailable O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request. O1 - Hosts: <p>Please check the URL for proper spelling and capitalization. If O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the O1 - Hosts: <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home O1 - Hosts: page</a></strong> or look through a list of <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo!'s O1 - Hosts: online services</a></strong>. Also, you may find what you're looking for O1 - Hosts: if you try searching below.</p> O1 - Hosts: <form name="s1" action="http://us.rd.yahoo.com/503/*-http://search.yahoo.com/search"><fieldset> O1 - Hosts: <legend><label for="s1p">Search the Web</label></legend> O1 - Hosts: <input type="text" size=30 name="p" id="s1p" title="enter search terms here"> O1 - Hosts: <input type="submit" value="Search"> O1 - Hosts: <span><a href="http://us.rd.yahoo.com/503/*http://search.yahoo.com/search/options?p=">advanced search</a> <span class=sep>|</span> <a href="http://us.rd.yahoo.com/503/*http://buzz.yahoo.com">most popular</a></span> O1 - Hosts: </fieldset></form> O1 - Hosts: <p class="more">Please try <strong><a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo! O1 - Hosts: Help Central</a></strong> if you need more assistance.</p> O1 - Hosts: </div><div id="ft"><p>Copyright © 2009 Yahoo! Inc. O1 - Hosts: All rights reserved. <a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy O1 - Hosts: Policy</a> - <a O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms O1 - Hosts: of Service</a></p></div> O1 - Hosts: </div></body></html> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exeO4 - HKLM\..\Run: [bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\administrateur.CYBERSTADE\Local Settings\Application Data\smss.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: Empty.pif = ? O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213964242218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213972808875 O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstade.lan O17 - HKLM\Software\..\Telephony: DomainName = cyberstade.lan O17 - HKLM\System\CCS\Services\Tcpip\..\{ADD55CEC-C550-45E6-B74E-A2EFCC644CF7}: NameServer = 192.168.0.100 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstade.lan O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cyberstade.lan O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp2\bin\mysql\mysql5.1.30\bin\mysqld.exe -- End of file - 13225 bytes Passage d'un rhosts sans grand succes / mbam trouve rien Cordialement
  11. eclypse
    Bonsoir Donc je voulais savoir si cela est normale avec la configuration suivante d'avoir (5/6 FPS) dans World of Warcraft Ordinateur: Système d'exploitation Microsoft Windows XP Home Edition Service Pack du système Service Pack 2 DirectX 4.09.00.0904 (DirectX 9.0c) Nom du système ACER-FE8B363750 Nom de l'utilisateur thomas Carte mère: Type de processeur Intel Celeron D 346, 3066 MHz (23 x 133) Nom de la carte mère ECS 661GX-M7 / 661GX/800-M7 (3 PCI, 1 AGP, 1 CNR, 2 DDR DIMM, Audio, Video, LAN) Chipset de la carte mère SiS 661GX Mémoire système 960 Mo (PC3200 DDR SDRAM) Type de BIOS Award (03/28/06) Port de communication Port de communication (COM1) Port de communication Port de communication (COM2) Port de communication Port imprimante ECP (LPT1) Moniteur: Carte vidéo SiS 661FX/GX Mirage Graphics (64 Mo) Accélérateur 3D SiS 330 Mirage Integrated Moniteur Écran Plug-and-Play [NoDB] (65103180) Multimédia: Carte audio SiS 7012 Audio Device Stockage: Contrôleur IDE Contrôleur SiS PCI IDE Contrôleur SCSI/RAID SiS 180/181 RAID Controller Disque dur Generic USB SD Reader USB Device Disque dur Generic USB CF Reader USB Device Disque dur Generic USB SM Reader USB Device Disque dur Generic USB MS Reader USB Device Disque dur WDC WD20 00JS-22NCB1 SCSI Disk Device (186 Go) Lecteur optique LITE-ON DVDRW SHW-160P6S État des disques durs SMART FAIL Partitions: C: (NTFS) 190779 Mo (167051 Mo libre) Entrée: Clavier Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2 Souris Souris compatible PS/2 Réseau: Carte réseau 802.11g USB 2.0 Wireless LAN Adapter (192.168.1.5) Périphériques: Imprimante Microsoft Office Document Image Writer Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller Contrôleur USB2 SiS 7002 USB 2.0 Enhanced Host Controller Périphérique USB 802.11g USB 2.0 Wireless LAN Adapter Périphérique USB Périphérique de stockage de masse USB Si vous avez une solution je suis preneur Cordialement
  12. eclypse
    Bonjour Falkra, Crob-Mi Pardon pour l'intrusion Falkra @Crob-Mi Désactive l'UAC-User Account Control -contrôle des comptes utilisateurs (surtout, bien penser à le réactiver après la désinfection). Démarrer > Panneau de Configuration Clique sur Comptes d'utilisateurs Clique à nouveau sur Comptes d'utilisateurs (*En mode d'affichage "Classique" : Panneau de configuration >> double-clique sur "Comptes d'utilisateurs") Clique sur Activer ou désactiver le contrôle des comptes d'utilisateurs (au bas) Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur Clique Ok pour valider (**Si l'UAC était déjà désactivé, clique "Annuler", quitte le Panneau de configuration et passe à l'étape suivante - pas de redémarrage requis) Tu seras invité à redémarrer l'ordinateur ; clique Ok. Ton ordinateur doit maintenant redémarrer. Une fois redémarrer efface le répertoire C:\Program Files (x86)\MSNFix\ puis relance l'exécution de msnfix.exe en utilisant le clique droit exécuter avec les droits d'administrateur Une fois l'installation finie tu feras à l'identique pour lancer le fichier msnfix.bat @+
  13. eclypse

    antivir en français

    eclypse a répondu à un sujet dans Software

    Salut ! Bon pour faire bref rapide et concis ici (Page du serveur du lieu de téléchargement) ici (whois du nom de domaine principal d'antivir) ici (whois du nom de domaine des majs d'antivir et endroit ou est stocké le fichier) Comparez et à bon entendeur @+
  14. eclypse
    Salut un helpeur prendra la suite @+
  15. eclypse
    re Le rapport est incomplet ... poste moi le contenu du fichier resultat.txt qui doit se trouver dans c:\ @+
  16. eclypse
    Salut, 1°) Désactive Tea-Timer de spybot en faisant 2°) Ouvre hijackthis et lance l'option 1 et coche Clique sur fix checked 3°) MBAM Télécharge Malwarebytes' Anti-Malware (MBAM) Double clique sur le fichier téléchargé pour lancer le processus d'installation. Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte. Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche". Sélectionne "Exécuter un examen rapide" Clique sur "Rechercher" L'analyse démarre, le scan est relativement long, c'est normal. A la fin de l'analyse, un message s'affiche : Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi. Ferme tes navigateurs. Si des malwares ont été détectés, clique sur Afficher les résultats. Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse. 3°) Quelques conseils : Tout d'abord je te conseil vivement de supprimer AVAST : Comparaison Dans le cas ou tu souhaiterais supprimer avast pour antivir utilise ceci Pour installer antivir voici un très bon tuto Desktop Messenger : Donc tu peux sans risque le desinstaller via ton gestionnaire ajout supppression de programme P.S : un helpeur prendra la suite @+
  17. eclypse
    Salut 1°) Ouvre le bloc notes et copie / colle la citation suivante : Sauvegarde le fichier sous 1.reg (dans type tu dois avoir Tous les fichiers Double clique dessus et accepte ceci désactivera l'autorun de tout les supports que tu pourras insérer 2°) Télécharge Flash_Disinfector.exe de sUBs et enregistre-le sur ton bureau. Connecte tous les supports amovibles susceptibles d'avoir été infectés . et laisse toi guidé 3°)Lance ton fichier .bat en laissant tes supports connectés 4°) Ouvre le bloc note et copie / colle la citation suivante : Enregistre le sous 4.reg (toujours avec tous les fichiers dans type) Double clique dessus puis accepte afin de restaurer l'autorun Un helpeur prendra la suite @+
  18. eclypse
    Re Peux tu suivre ce tuto ici et me poster le rapport choix 1 @+
  19. eclypse
    Lance un scan antivirus alors
  20. eclypse
    Re Bon que du propre peux tu faire un scan en ligne ici uniquement par IE Trés bon tuto :ici @+
  21. eclypse
    Salut essaye ici pour otmoveit @+
  22. eclypse
    Salut Reouvre hijackthis lance l'option 1 et coche Clique sur fix checked Ensuite fait Démarrer Executer Cmd SC stop Hinsrv SC delete Hinsrv Reouvre hijackthis relance l'option 1 et coche Clique sur fix checked Télécharge OTMoveIt(d'OldTimer). Sauvegarde-le sur ton Bureau. Double-clique sur OTMoveIt.exe afin de le lancer. Sélectionne l'emplacement ci-dessous : Ton pc peux te demander de redémarrer Poste le rapport Ouvre le poste de travail puis ouvre le disque C et le dossier Program Files, supprimez les dossiers suivants : * FunWebProducts * MyWebSearch @+
  23. eclypse
    Salut Fais un scan ici via Internet Explorer Ton chipset est de marque INTEL ? Quel est ton fournisseur dacces a internet ? Pour accèder aux services : Cliques sur Démarrer Cliques sur Executer Tapes dans la fenêttre services.msc Pour arrêter et désactiver un service : Dans la liste déroulante trouves : Clic droit sur Propriétés Cliques sur Arrêter Cliques sur désacriver Ferme la fenêttre des services. Réouvre hijackthis et coche O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Clique sur fix checked Suis ce Tuto option 1 uniquement
  24. eclypse
    Salut on va regarder de plus prêt si tu veux bien Télécharge Malwarebytes' Anti-Malware (MBAM) * Double clique sur le fichier téléchargé pour lancer le processus d'installation. * Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte. * Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche". * Sélectionne "Exécuter un examen rapide" * Clique sur "Rechercher" * L'analyse démarre, le scan est relativement long, c'est normal. * A la fin de l'analyse, un message s'affiche : * Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi. * Ferme tes navigateurs. * Si des malwares ont été détectés, clique sur Afficher les résultats. Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. * MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse. Peux tu poster un log hijackthis complet en plus du rapport mbam @+
  25. eclypse
    Salut * Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip * Enregistrer la cible (du lien) sous... et enregistrez-le sur le bureau. * Faire un clic droit sur navilog1.zip et choisir "tout extraire" * Double-cliquer sur navilog1.exe * Arriver au menu principal, choisir l'option 1 et valider. * Patienter jusqu'au message : Analyse Termine le ... * Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt) Poste le rapport + un log hijackthis stp
×
×
  • Créer...