Bazwell

Membres

Afficher le profil Afficher son activité

Compteur de contenus
4
Inscription
le 7 janvier 2009
Dernière visite
le 27 janvier 2009

Autres informations

Mes langues
francais, anglais

Bazwell's Achievements

Junior Member (3/12)

Réputation sur la communauté

Résolu - Probleme malware... explorer ne démarre pas automatiquement

Bazwell a répondu à un(e) sujet de Bazwell dans Analyses et éradication malwares

jour et nuit... au redémarrage, tout semble ok... beaucoup plus rapide a ouvrir vista aussi... merci beaucoup a toi.... et a tout ceux qui font ce genre d'aide! j'aimerais tellement être capable d'effectuer ce genre de support!!!!!!!
- le 7 janvier 2009
- 7 réponses
Résolu - Probleme malware... explorer ne démarre pas automatiquement

Bazwell a répondu à un(e) sujet de Bazwell dans Analyses et éradication malwares

Combo: ComboFix 09-01-06.02 - Caro et Jonh 2009-01-07 18:06:04.3 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1918.1005 [GMT -5:00] Lancé depuis: c:\users\Caro et Jonh\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Caro et Jonh\Desktop\CFScript.txt FILE :: c:\windll_v354.exe c:\windows\mchost.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windll_v354.exe c:\windows\mchost.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_WnvIRQ32Service ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 )))))))))))))))))))))))))))))))))))) . 2009-01-06 22:15 . 2009-01-06 22:16 222,793,218 --a------ c:\windows\MEMORY.DMP 2009-01-06 20:47 . 2009-01-06 20:47 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Malwarebytes 2009-01-05 20:30 . 2009-01-05 20:30 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\SUPERAntiSpyware.com 2009-01-05 13:09 . 2009-01-05 13:09 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-05 06:59 . 2009-01-05 06:59 <REP> d-------- c:\users\All Users\SUPERAntiSpyware.com 2009-01-05 06:59 . 2009-01-05 06:59 <REP> d-------- c:\programdata\SUPERAntiSpyware.com 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\SUPERAntiSpyware.com 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\program files\SUPERAntiSpyware 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-05 06:43 . 2009-01-05 06:43 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\DivX 2009-01-04 23:49 . 2009-01-04 23:49 <REP> d-------- C:\PerfLogs 2009-01-04 23:17 . 2008-01-19 02:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr 2009-01-04 23:16 . 2008-01-19 01:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-01-04 23:15 . 2008-01-19 02:36 704,512 --a------ c:\windows\System32\SmiEngine.dll 2009-01-04 23:15 . 2008-01-19 02:36 357,888 --a------ c:\windows\System32\wbemcomn.dll 2009-01-04 23:15 . 2008-01-19 02:34 305,152 --a------ c:\windows\System32\msdelta.dll 2009-01-04 23:15 . 2008-01-19 02:34 258,560 --a------ c:\windows\System32\dpx.dll 2009-01-04 23:15 . 2008-01-19 02:34 246,784 --a------ c:\windows\System32\drvstore.dll 2009-01-04 23:15 . 2008-01-19 02:36 218,624 --a------ c:\windows\System32\wdscore.dll 2009-01-04 23:15 . 2008-01-19 02:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll 2009-01-04 23:15 . 2008-01-19 02:33 130,560 --a------ c:\windows\System32\PkgMgr.exe 2009-01-04 23:15 . 2008-01-19 02:36 129,536 --a------ c:\windows\System32\sqmapi.dll 2009-01-04 23:15 . 2008-01-19 02:35 35,328 --a------ c:\windows\System32\mspatcha.dll 2009-01-04 22:58 . 2009-01-04 22:58 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Yahoo! 2009-01-04 22:56 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Searches 2009-01-04 22:56 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Contacts 2009-01-04 22:56 . 2009-01-04 22:56 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\AVG7 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Videos 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Saved Games 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Pictures 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Music 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Links 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Downloads 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Documents 2009-01-04 22:54 . 2006-11-02 07:37 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Media Center Programs 2009-01-04 22:54 . 2009-01-04 22:56 <REP> d--h----- c:\users\Caro et Jon\AppData 2009-01-04 22:54 . 2009-01-04 22:56 <REP> d-------- c:\users\Caro et Jon 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\users\All Users\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\programdata\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-04 21:53 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-01-04 21:53 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-01-04 20:06 . 2009-01-04 20:06 77,824 --ah----- C:\MsInstaller.exe 2009-01-04 13:30 . 2009-01-04 13:33 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\CyberLink 2009-01-04 13:30 . 2009-01-04 13:30 <REP> d-------- c:\users\All Users\Cyberlink 2009-01-04 13:30 . 2009-01-04 13:30 <REP> d-------- c:\programdata\Cyberlink 2009-01-04 13:29 . 2006-06-04 15:48 44,544 --a------ c:\windows\System32\msxml4a.dll 2009-01-04 13:28 . 2009-01-04 20:36 <REP> d-------- c:\program files\CyberLink 2009-01-04 13:28 . 2009-01-04 13:33 <REP> d-------- C:\MyWorks 2008-12-30 23:01 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2008-12-29 17:33 . 2009-01-05 22:41 <REP> d-------- c:\program files\nLite 2008-12-28 10:15 . 2008-12-28 10:15 <REP> d-------- c:\users\All Users\Trymedia 2008-12-28 10:15 . 2008-12-28 10:15 <REP> d-------- c:\programdata\Trymedia 2008-12-28 10:14 . 2008-12-28 10:15 <REP> d-------- c:\program files\Risk II 2008-12-28 10:14 . 2008-12-28 10:14 <REP> d-------- c:\program files\ReflexiveArcade 2008-12-21 22:44 . 2008-12-21 22:44 0 --a------ c:\windows\nsreg.dat 2008-12-14 20:53 . 2008-12-15 18:43 <REP> d-------- c:\program files\PSP Pandora Deluxe 2008-12-10 21:18 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-10 21:16 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-12-10 21:16 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-12-10 21:14 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe 2008-12-10 21:14 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe 2008-12-10 21:14 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-10 21:14 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-12-10 21:14 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-12-10 21:14 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-12-10 21:14 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-12-10 21:14 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-07 11:29 786,432 --sha-w c:\users\Invité\NTUSER.DAT 2009-01-07 11:29 786,432 --sha-w c:\users\Invité\NTUSER.DAT 2009-01-07 08:21 --------- d-----w c:\programdata\avg7 2009-01-07 03:00 --------- d-----w c:\program files\FileZilla Client 2009-01-05 04:57 174 --sha-w c:\program files\desktop.ini 2009-01-05 04:51 --------- d-----w c:\program files\Windows Sidebar 2009-01-05 04:51 --------- d-----w c:\program files\Windows Photo Gallery 2009-01-05 04:51 --------- d-----w c:\program files\Windows Mail 2009-01-05 04:51 --------- d-----w c:\program files\Windows Journal 2009-01-05 04:51 --------- d-----w c:\program files\Windows Collaboration 2009-01-05 04:51 --------- d-----w c:\program files\Windows Calendar 2009-01-05 04:50 --------- d-----w c:\program files\Windows Defender 2009-01-05 04:38 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-01-05 04:38 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-01-05 01:36 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-05 01:10 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\uTorrent 2008-12-19 20:07 --------- d-----w c:\programdata\DVD Shrink 2008-12-19 19:21 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\RipIt4Me 2008-12-16 00:26 --------- d-----w c:\program files\LogMeIn 2008-12-11 17:38 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-25 23:22 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-25 23:22 --------- d-----w c:\program files\iTunes 2008-11-25 23:22 --------- d-----w c:\program files\iPod 2008-11-25 23:22 --------- d-----w c:\program files\Common Files\Apple 2008-11-25 23:21 --------- d-----w c:\program files\QuickTime 2008-11-18 01:11 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\gtk-2.0 2008-11-10 03:23 --------- d-----w c:\program files\FixTunes 2008-11-10 01:40 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\Sony Corporation 2008-11-10 01:40 --------- d-----w c:\programdata\Sony Corporation 2008-11-10 01:40 --------- d-----w c:\programdata\SonicStage 2008-11-09 16:00 --------- d-----w c:\program files\Sony 2008-11-09 16:00 --------- d-----w c:\program files\Common Files\Sony Shared 2008-11-09 16:00 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-07 04:20 --------- d-----w c:\program files\Common Files\Adobe 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-07-31 22:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-07-31 22:00 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-07-31 22:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031720080324\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040420080405\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat . ((((((((((((((((((((((((((((( snapshot_2009-01-07_ 6.34.07,20 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2009-01-07 03:15:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-01-07 23:10:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-01-07 03:15:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-01-07 23:10:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-01-07 03:18:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-07 23:20:49 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-07 23:20:49 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-01-07 03:17:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-07 23:20:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-07 23:20:44 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-01-07 11:28:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-01-07 23:13:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-01-07 11:28:01 114,688 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-01-07 23:13:31 114,688 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-01-07 11:28:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-01-07 23:13:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-01-07 03:21:30 101,052 ----a-w c:\windows\System32\perfc009.dat + 2009-01-07 23:17:45 101,052 ----a-w c:\windows\System32\perfc009.dat - 2009-01-07 03:21:30 123,350 ----a-w c:\windows\System32\perfc00C.dat + 2009-01-07 23:17:45 123,350 ----a-w c:\windows\System32\perfc00C.dat - 2009-01-07 03:21:30 586,980 ----a-w c:\windows\System32\perfh009.dat + 2009-01-07 23:17:45 586,980 ----a-w c:\windows\System32\perfh009.dat - 2009-01-07 03:21:30 669,340 ----a-w c:\windows\System32\perfh00C.dat + 2009-01-07 23:17:45 669,340 ----a-w c:\windows\System32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-16 171448] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-16 171448] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] 2007-09-18 22:24 9216 c:\windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iyuv"= WnvYV12.dll "vidc.i420"= WnvYV12.dll "VIDC.HFYU"= huffyuv.dll "MIXER8"= WnvMxr.dll "WAVE8"= WnvWav32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3009424867-1769547912-1797722821-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{E1AF357F-E1D4-4F9D-9954-77942165DCB4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{67ECE27E-9EDD-4F2C-8196-EB5062E9A6B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{B567682E-7E60-4ED5-9DB4-A397EF946B56}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{684743C6-B669-47A5-B051-F4D52E5FF40B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{E604EF99-E19B-4AB6-8045-4C7B199E4612}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers "UDP Query User{BD7E7B22-10D0-42E5-B8F6-1D397EF087D4}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers "{9DB29855-030E-4DA0-9E79-0DC23F2A6E35}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{762898FA-126A-4666-86B3-D990F2229933}c:\\users\\caro et jonh\\desktop\\gps\\miopocket_2.0_release_24\\mioautorun\\programs\\win32\\asrdisp.exe"= UDP:c:\users\caro et jonh\desktop\gps\miopocket_2.0_release_24\mioautorun\programs\win32\asrdisp.exe:asrdisp.exe "UDP Query User{F3BD8E82-85CA-41C6-ADD0-6764AD57E971}c:\\users\\caro et jonh\\desktop\\gps\\miopocket_2.0_release_24\\mioautorun\\programs\\win32\\asrdisp.exe"= TCP:c:\users\caro et jonh\desktop\gps\miopocket_2.0_release_24\mioautorun\programs\win32\asrdisp.exe:asrdisp.exe "{A4C2EE5B-93DF-4CC1-AE8C-91025BED94EE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{7F190FF0-ED90-45BB-AC3F-88BB3F41DCAE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{E559710A-C637-4311-B64D-30435A54B189}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{373E1F88-D9E5-4CA9-A797-E7FB70FB6F7C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{9AB86243-6B58-44E0-9515-7F10A8939F60}c:\\program files\\winnov videum nt\\wnvrsvr.exe"= UDP:c:\program files\winnov videum nt\wnvrsvr.exe:Videum Video Capture "UDP Query User{4E566BC1-411D-4855-91D5-4BACFEEE70AC}c:\\program files\\winnov videum nt\\wnvrsvr.exe"= TCP:c:\program files\winnov videum nt\wnvrsvr.exe:Videum Video Capture "{035A9A71-1CF1-4828-BB10-C1183E73694A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C2FA7665-002B-481E-804E-E7F3131B6DC2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{BD41285D-B89A-456E-9F9F-EF474C8A4C27}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F4AEAD28-8A5C-4AC9-AE64-D4CB49CAEA90}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{C11FE438-C9DA-411A-8983-A2CC61F1437A}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{E978ECF1-336A-42C6-A084-29693E2BEAC2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{169B4A1B-FA1F-4A33-B3AF-D048A0FC202E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{DC38A462-E110-4ECF-A7B5-4FB38978235E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06:00 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05:58 55024] R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\drivers\avgwfp.sys [18/09/2007 22:24:54 53768] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 17:46:12 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [24/09/2008 21:32:11 47640] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06:02 7408] --- Other Services/Drivers In Memory --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contenu du dossier 'Tâches planifiées' 2009-01-07 c:\windows\Tasks\User_Feed_Synchronization-{CE558F3B-8732-4F4E-A2AD-7442A46A8450}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 02:33] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyOverride = *.local . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-07 18:25:14 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\progra~1\Grisoft\AVG7\avgamsvr.exe c:\progra~1\Grisoft\AVG7\avgupsvc.exe c:\progra~1\Grisoft\AVG7\avgrssvc.exe c:\progra~1\Grisoft\AVG7\avgemc.exe c:\progra~1\Grisoft\AVG7\avgrssvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\NVIDIA Corporation\nTune\nTuneService.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\TVersity\Media Server\MediaServer.exe c:\windows\System32\drivers\XAudio.exe c:\windows\System32\WUDFHost.exe c:\program files\Grisoft\AVG7\avgcc.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-01-07 18:27:47 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-07 23:27:43 ComboFix2.txt 2009-01-07 11:35:22 ComboFix3.txt 2009-01-07 03:11:53 Avant-CF: 11 512 336 384 octets libres Après-CF: 11,326,070,784 octets libres 312 --- E O F --- 2009-01-05 04:40:06 ------------------------------------------------------------------------------------------------------------------------------ HjT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:33:25, on 2009-01-07 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Caro et Jonh\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7524 bytes
- le 7 janvier 2009
- 7 réponses
Résolu - Probleme malware... explorer ne démarre pas automatiquement

Bazwell a répondu à un(e) sujet de Bazwell dans Analyses et éradication malwares

Voila! Merci bcp de ton aide! ComboFix 09-01-06.02 - Caro et Jonh 2009-01-07 6:29:42.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1918.960 [GMT -5:00] Lancé depuis: c:\users\Caro et Jonh\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 )))))))))))))))))))))))))))))))))))) . 2009-01-06 22:15 . 2009-01-06 22:16 222,793,218 --a------ c:\windows\MEMORY.DMP 2009-01-06 20:47 . 2009-01-06 20:47 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Malwarebytes 2009-01-05 20:30 . 2009-01-05 20:30 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\SUPERAntiSpyware.com 2009-01-05 13:09 . 2009-01-05 13:09 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-05 06:59 . 2009-01-05 06:59 <REP> d-------- c:\users\All Users\SUPERAntiSpyware.com 2009-01-05 06:59 . 2009-01-05 06:59 <REP> d-------- c:\programdata\SUPERAntiSpyware.com 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\SUPERAntiSpyware.com 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\program files\SUPERAntiSpyware 2009-01-05 06:58 . 2009-01-05 06:58 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-05 06:43 . 2009-01-05 06:43 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\DivX 2009-01-04 23:49 . 2009-01-04 23:49 <REP> d-------- C:\PerfLogs 2009-01-04 23:17 . 2008-01-19 02:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr 2009-01-04 23:16 . 2008-01-19 01:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-01-04 23:15 . 2008-01-19 02:36 704,512 --a------ c:\windows\System32\SmiEngine.dll 2009-01-04 23:15 . 2008-01-19 02:36 357,888 --a------ c:\windows\System32\wbemcomn.dll 2009-01-04 23:15 . 2008-01-19 02:34 305,152 --a------ c:\windows\System32\msdelta.dll 2009-01-04 23:15 . 2008-01-19 02:34 258,560 --a------ c:\windows\System32\dpx.dll 2009-01-04 23:15 . 2008-01-19 02:34 246,784 --a------ c:\windows\System32\drvstore.dll 2009-01-04 23:15 . 2008-01-19 02:36 218,624 --a------ c:\windows\System32\wdscore.dll 2009-01-04 23:15 . 2008-01-19 02:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll 2009-01-04 23:15 . 2008-01-19 02:33 130,560 --a------ c:\windows\System32\PkgMgr.exe 2009-01-04 23:15 . 2008-01-19 02:36 129,536 --a------ c:\windows\System32\sqmapi.dll 2009-01-04 23:15 . 2008-01-19 02:35 35,328 --a------ c:\windows\System32\mspatcha.dll 2009-01-04 22:58 . 2009-01-04 22:58 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Yahoo! 2009-01-04 22:56 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Searches 2009-01-04 22:56 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Contacts 2009-01-04 22:56 . 2009-01-04 22:56 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\AVG7 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Videos 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Saved Games 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Pictures 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Music 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Links 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Downloads 2009-01-04 22:54 . 2009-01-04 22:56 <REP> dr------- c:\users\Caro et Jon\Documents 2009-01-04 22:54 . 2006-11-02 07:37 <REP> d-------- c:\users\Caro et Jon\AppData\Roaming\Media Center Programs 2009-01-04 22:54 . 2009-01-04 22:56 <REP> d--h----- c:\users\Caro et Jon\AppData 2009-01-04 22:54 . 2009-01-04 22:56 <REP> d-------- c:\users\Caro et Jon 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\users\All Users\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:53 <REP> d-------- c:\programdata\Malwarebytes 2009-01-04 21:53 . 2009-01-04 21:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-04 21:53 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-01-04 21:53 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-01-04 20:08 . 2009-01-04 20:07 344,064 -rahs---- c:\windows\mchost.exe 2009-01-04 20:07 . 2009-01-04 20:07 344,064 --ah----- C:\windll_v354.exe 2009-01-04 20:06 . 2009-01-04 20:06 77,824 --ah----- C:\MsInstaller.exe 2009-01-04 13:30 . 2009-01-04 13:33 <REP> d-------- c:\users\Caro et Jonh\AppData\Roaming\CyberLink 2009-01-04 13:30 . 2009-01-04 13:30 <REP> d-------- c:\users\All Users\Cyberlink 2009-01-04 13:30 . 2009-01-04 13:30 <REP> d-------- c:\programdata\Cyberlink 2009-01-04 13:29 . 2006-06-04 15:48 44,544 --a------ c:\windows\System32\msxml4a.dll 2009-01-04 13:28 . 2009-01-04 20:36 <REP> d-------- c:\program files\CyberLink 2009-01-04 13:28 . 2009-01-04 13:33 <REP> d-------- C:\MyWorks 2008-12-30 23:01 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2008-12-29 17:33 . 2009-01-05 22:41 <REP> d-------- c:\program files\nLite 2008-12-28 10:15 . 2008-12-28 10:15 <REP> d-------- c:\users\All Users\Trymedia 2008-12-28 10:15 . 2008-12-28 10:15 <REP> d-------- c:\programdata\Trymedia 2008-12-28 10:14 . 2008-12-28 10:15 <REP> d-------- c:\program files\Risk II 2008-12-28 10:14 . 2008-12-28 10:14 <REP> d-------- c:\program files\ReflexiveArcade 2008-12-21 22:44 . 2008-12-21 22:44 0 --a------ c:\windows\nsreg.dat 2008-12-14 20:53 . 2008-12-15 18:43 <REP> d-------- c:\program files\PSP Pandora Deluxe 2008-12-10 21:18 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-10 21:16 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-12-10 21:16 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-12-10 21:14 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe 2008-12-10 21:14 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe 2008-12-10 21:14 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-10 21:14 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-12-10 21:14 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-12-10 21:14 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-12-10 21:14 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-12-10 21:14 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-07 11:29 786,432 --sha-w c:\users\Invité\NTUSER.DAT 2009-01-07 11:29 786,432 --sha-w c:\users\Invité\NTUSER.DAT 2009-01-07 08:21 --------- d-----w c:\programdata\avg7 2009-01-07 03:00 --------- d-----w c:\program files\FileZilla Client 2009-01-05 04:57 174 --sha-w c:\program files\desktop.ini 2009-01-05 04:51 --------- d-----w c:\program files\Windows Sidebar 2009-01-05 04:51 --------- d-----w c:\program files\Windows Photo Gallery 2009-01-05 04:51 --------- d-----w c:\program files\Windows Mail 2009-01-05 04:51 --------- d-----w c:\program files\Windows Journal 2009-01-05 04:51 --------- d-----w c:\program files\Windows Collaboration 2009-01-05 04:51 --------- d-----w c:\program files\Windows Calendar 2009-01-05 04:50 --------- d-----w c:\program files\Windows Defender 2009-01-05 04:38 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-01-05 04:38 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-01-05 01:36 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-05 01:10 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\uTorrent 2008-12-19 20:07 --------- d-----w c:\programdata\DVD Shrink 2008-12-19 19:21 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\RipIt4Me 2008-12-16 00:26 --------- d-----w c:\program files\LogMeIn 2008-12-11 17:38 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-25 23:22 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-25 23:22 --------- d-----w c:\program files\iTunes 2008-11-25 23:22 --------- d-----w c:\program files\iPod 2008-11-25 23:22 --------- d-----w c:\program files\Common Files\Apple 2008-11-25 23:21 --------- d-----w c:\program files\QuickTime 2008-11-18 01:11 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\gtk-2.0 2008-11-10 03:23 --------- d-----w c:\program files\FixTunes 2008-11-10 01:40 --------- d-----w c:\users\Caro et Jonh\AppData\Roaming\Sony Corporation 2008-11-10 01:40 --------- d-----w c:\programdata\Sony Corporation 2008-11-10 01:40 --------- d-----w c:\programdata\SonicStage 2008-11-09 16:00 --------- d-----w c:\program files\Sony 2008-11-09 16:00 --------- d-----w c:\program files\Common Files\Sony Shared 2008-11-09 16:00 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-07 04:20 --------- d-----w c:\program files\Common Files\Adobe 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-07-31 22:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-07-31 22:00 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-07-31 22:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031720080324\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040420080405\index.dat 2008-04-04 05:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-06_22.10.38,02 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-07 03:01:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-01-07 03:15:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-01-07 03:01:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-01-07 03:15:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-01-07 03:03:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-07 03:18:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-07 03:18:26 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-01-07 03:03:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-07 03:17:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-07 03:17:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-01-07 03:01:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-01-07 11:28:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-01-07 03:01:46 114,688 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-01-07 11:28:01 114,688 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-01-07 03:01:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-01-07 11:28:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-01-07 03:06:46 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2009-01-07 11:29:32 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2009-01-07 11:29:32 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1 - 2009-01-07 03:07:41 101,052 ----a-w c:\windows\System32\perfc009.dat + 2009-01-07 03:21:30 101,052 ----a-w c:\windows\System32\perfc009.dat - 2009-01-07 03:07:41 123,350 ----a-w c:\windows\System32\perfc00C.dat + 2009-01-07 03:21:30 123,350 ----a-w c:\windows\System32\perfc00C.dat - 2009-01-07 03:07:41 586,980 ----a-w c:\windows\System32\perfh009.dat + 2009-01-07 03:21:30 586,980 ----a-w c:\windows\System32\perfh009.dat - 2009-01-07 03:07:41 669,340 ----a-w c:\windows\System32\perfh00C.dat + 2009-01-07 03:21:30 669,340 ----a-w c:\windows\System32\perfh00C.dat - 2009-01-07 03:03:40 9,356 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3009424867-1769547912-1797722821-1000_UserData.bin + 2009-01-07 03:18:44 9,584 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3009424867-1769547912-1797722821-1000_UserData.bin - 2009-01-07 03:03:38 51,170 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-01-07 03:18:43 51,376 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-16 171448] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "settings"="c:\windows\mchost.exe" [2009-01-04 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-16 171448] [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run] "settings"="c:\windows\mchost.exe" [2009-01-04 344064] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] 2007-09-18 22:24 9216 c:\windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iyuv"= WnvYV12.dll "vidc.i420"= WnvYV12.dll "VIDC.HFYU"= huffyuv.dll "MIXER8"= WnvMxr.dll "WAVE8"= WnvWav32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3009424867-1769547912-1797722821-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{E1AF357F-E1D4-4F9D-9954-77942165DCB4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{67ECE27E-9EDD-4F2C-8196-EB5062E9A6B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{B567682E-7E60-4ED5-9DB4-A397EF946B56}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{684743C6-B669-47A5-B051-F4D52E5FF40B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{E604EF99-E19B-4AB6-8045-4C7B199E4612}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers "UDP Query User{BD7E7B22-10D0-42E5-B8F6-1D397EF087D4}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers "{9DB29855-030E-4DA0-9E79-0DC23F2A6E35}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{762898FA-126A-4666-86B3-D990F2229933}c:\\users\\caro et jonh\\desktop\\gps\\miopocket_2.0_release_24\\mioautorun\\programs\\win32\\asrdisp.exe"= UDP:c:\users\caro et jonh\desktop\gps\miopocket_2.0_release_24\mioautorun\programs\win32\asrdisp.exe:asrdisp.exe "UDP Query User{F3BD8E82-85CA-41C6-ADD0-6764AD57E971}c:\\users\\caro et jonh\\desktop\\gps\\miopocket_2.0_release_24\\mioautorun\\programs\\win32\\asrdisp.exe"= TCP:c:\users\caro et jonh\desktop\gps\miopocket_2.0_release_24\mioautorun\programs\win32\asrdisp.exe:asrdisp.exe "{A4C2EE5B-93DF-4CC1-AE8C-91025BED94EE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{7F190FF0-ED90-45BB-AC3F-88BB3F41DCAE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{E559710A-C637-4311-B64D-30435A54B189}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{373E1F88-D9E5-4CA9-A797-E7FB70FB6F7C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{9AB86243-6B58-44E0-9515-7F10A8939F60}c:\\program files\\winnov videum nt\\wnvrsvr.exe"= UDP:c:\program files\winnov videum nt\wnvrsvr.exe:Videum Video Capture "UDP Query User{4E566BC1-411D-4855-91D5-4BACFEEE70AC}c:\\program files\\winnov videum nt\\wnvrsvr.exe"= TCP:c:\program files\winnov videum nt\wnvrsvr.exe:Videum Video Capture "{035A9A71-1CF1-4828-BB10-C1183E73694A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C2FA7665-002B-481E-804E-E7F3131B6DC2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{BD41285D-B89A-456E-9F9F-EF474C8A4C27}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F4AEAD28-8A5C-4AC9-AE64-D4CB49CAEA90}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{C11FE438-C9DA-411A-8983-A2CC61F1437A}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{E978ECF1-336A-42C6-A084-29693E2BEAC2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{169B4A1B-FA1F-4A33-B3AF-D048A0FC202E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{DC38A462-E110-4ECF-A7B5-4FB38978235E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06:00 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05:58 55024] R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\drivers\avgwfp.sys [18/09/2007 22:24:54 53768] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06:02 7408] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 17:46:12 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [24/09/2008 21:32:11 47640] S4 WnvIRQ32Service;WnvIRQ32;c:\windows\system32\WnvIRQ32.exe --> c:\windows\system32\WnvIRQ32.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361dbd39-665f-11dc-aa98-001bfc071f32}] \shell\AutoRun\command - G:\usbstart.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NQQ5L861-82LC-FV28-BC5R-EK164PT2UCAG}] "c:\windows\mchost.exe" . Contenu du dossier 'Tâches planifiées' 2009-01-07 c:\windows\Tasks\User_Feed_Synchronization-{CE558F3B-8732-4F4E-A2AD-7442A46A8450}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 02:33] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyOverride = *.local . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-07 06:33:41 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2009-01-07 6:35:21 ComboFix-quarantined-files.txt 2009-01-07 11:35:19 ComboFix.txt 2009-01-07 03:11:53 Avant-CF: 11 517 726 720 octets libres Après-CF: 11,487,408,128 octets libres 288 --- E O F --- 2009-01-05 04:40:06
- le 7 janvier 2009
- 7 réponses
Résolu - Probleme malware... explorer ne démarre pas automatiquement

Bazwell a posté un sujet dans Analyses et éradication malwares

Bonjour groupe, petit problème, et ca ne me tente pas de tout ré-installer... donc je me suis mis a chercher sur le web, et je vous ai trouvé!! peut-être trouveraige de l'aide plus facilement ici... Donc, vif du sujet: je redémarre mon poste de travail, et après la connection, je reste sur un écran noir... ctrl-alt-del, gestionnaire de tache, rien ne s'execute... ou presque... ce que je vois: un iexplore.exe , mais pas de explorer ... donc nouvelle tache, explorer.exe ... tada... me voici dans windows... sauf que la, a toutes les fois... c'est pas normal... en cherchant un peu, j'ai trouvé des gens ayant les mêmes symptômes, et j'ai trouvé des références sur cette clé de registre: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe \"C:\\Windows\\mchost.exe\"" et plusieurs informations de HjT ou de Combofix pour erradiquer le tout... pouvez vous m'aider, messieurs les experts? -------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:54:37, on 2009-01-06 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Caro et Jonh\Desktop\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\mchost.exe" F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\mchost.exe", O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [settings] C:\Windows\mchost.exe O4 - HKCU\..\Policies\Explorer\Run: [settings] C:\Windows\mchost.exe O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: WnvIRQ32 (WnvIRQ32Service) - Unknown owner - C:\Windows\system32\WnvIRQ32.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8259 bytes
- le 7 janvier 2009
- 7 réponses

Connexion

Bazwell

Compteur de contenus

Inscription

Dernière visite

Autres informations

Bazwell's Achievements

Junior Member (3/12)

Réputation sur la communauté

Résolu - Probleme malware... explorer ne démarre pas automatiquement

Résolu - Probleme malware... explorer ne démarre pas automatiquement

Résolu - Probleme malware... explorer ne démarre pas automatiquement

Résolu - Probleme malware... explorer ne démarre pas automatiquement

Zebulon

Outils en ligne

Naviguer