
malif


Everything posted by malif

  1. Hello, Below is the ComboFix report for my computer, which is full of viruses and, above all, malware and spyware. Could someone help me get rid of them? Many thanks in advance.

ComboFix 09-03-04.01 - **** 2009-03-07 10:48:51.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2036.1382 [GMT 1:00] Lancé depuis: c:\documents and settings\****\Bureau\ComboFix.exe AV: avast! antivirus 4.8.1169 [VPS 080329-0] *On-access scanning disabled* (Outdated) AV: BitDefender Antivirus *On-access scanning disabled* (Updated) FW: Pare-feu BitDefender *disabled* AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Exécution préalable ------- . C:\autorun.inf c:\windows\system32\Cache D:\Autorun.inf F:\2u.com F:\autorun.inf G:\Autorun.inf H:\2.bat H:\2u.com H:\autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 )))))))))))))))))))))))))))))))))))) . 2009-03-07 10:29 . 2009-03-07 10:29 121 --a------ c:\windows\bdagent.INI 2009-03-07 09:55 . 2009-03-07 10:29 81,984 --a------ c:\windows\system32\bdod.bin 2009-03-07 09:45 . 2009-03-07 09:45 850 --a------ c:\windows\system32\ProductTweaks.xml 2009-03-07 09:45 . 2009-03-07 09:45 385 --a------ c:\windows\system32\user_gensett.xml 2009-03-06 23:06 . 2009-03-07 10:29 <REP> d-------- c:\program files\BitDefender 2009-03-06 23:04 . 2009-03-07 10:29 <REP> d-------- c:\program files\Fichiers communs\BitDefender 2009-03-06 22:42 . 2009-03-06 22:42 80 --a------ C:\bootdelete.lst 2009-03-06 22:16 . 2009-03-06 22:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3 2009-03-06 22:16 . 2009-03-06 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 2009-03-06 22:11 . 2009-03-06 22:14 <REP> d-------- c:\program files\SpywareBlaster 2009-03-06 21:35 . 
2009-03-06 21:35 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-06 21:35 . 2009-03-06 21:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-06 20:17 . 2009-03-06 21:30 <REP> d-------- c:\program files\Spyware Terminator 2009-03-06 20:17 . 2009-03-06 20:17 <REP> d-------- c:\documents and settings\****\Application Data\Spyware Terminator 2009-03-06 20:17 . 2009-03-06 21:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-03-06 20:17 . 2009-03-06 20:17 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2009-03-06 18:52 . 2009-03-06 18:52 <REP> d-------- c:\windows\system32\Kaspersky Lab 2009-03-05 21:54 . 2009-03-05 21:54 <REP> d-------- c:\program files\Alwil Software 2009-03-05 21:19 . 2005-06-03 15:56 53,248 -ra------ c:\windows\UpdtNv28.exe 2009-03-05 21:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-05 21:11 . 2009-03-05 21:11 260 --a------ c:\windows\_delis32.ini 2009-03-05 21:10 . 2009-03-05 21:51 <REP> d-------- c:\program files\Symantec 2009-03-05 21:10 . 2009-03-05 21:51 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared 2009-03-05 21:10 . 2009-03-05 21:10 <REP> d-------- c:\documents and settings\****\Application Data\Symantec 2009-03-05 21:10 . 2009-03-05 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Symantec 2009-03-05 19:36 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys 2009-03-05 19:36 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys 2009-03-05 19:31 . 2009-03-05 20:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-03-05 19:23 . 2009-03-05 19:30 <REP> d-------- C:\kav 2009-03-05 09:44 . 2009-03-05 09:44 <REP> d-------- c:\documents and settings\****\Application Data\pdf995 2009-03-05 09:44 . 2009-03-05 09:44 28 --a------ c:\windows\pdf995.ini 2009-03-05 09:25 . 
2002-05-14 13:08 94,208 --a--c--- c:\windows\system32\dllcache\fpencode.dll 2009-03-05 09:24 . 2009-03-05 09:24 <REP> d-------- c:\documents and settings\****\Application Data\Microsoft Web Folders 2009-03-04 20:26 . 2009-03-04 20:26 <REP> d-------- c:\program files\Fichiers communs\xing shared 2009-03-04 20:25 . 2009-03-04 20:25 <REP> d-------- c:\program files\Real 2009-03-04 20:25 . 2009-03-04 20:26 <REP> d-------- c:\program files\Fichiers communs\Real 2009-03-04 17:37 . 2009-03-04 17:37 <REP> d-------- c:\documents and settings\****\Application Data\Thunderbird 2009-03-04 17:37 . 2009-03-04 17:37 <REP> d-------- c:\documents and settings\****\Application Data\Talkback 2009-03-03 19:05 . 2009-03-03 19:05 <REP> d-------- c:\documents and settings\****\Application Data\Subversion 2009-03-03 14:12 . 2009-03-03 14:12 <REP> d-------- C:\spoolerlogs 2009-03-03 13:58 . 2009-03-03 13:58 <REP> d-------- c:\documents and settings\****.******\Application Data\CyberLink 2009-03-03 13:52 . 2009-03-03 13:52 <REP> d-------- c:\program files\TortoiseSVN 2009-03-03 13:52 . 2009-03-03 13:52 <REP> d-------- c:\program files\Fichiers communs\TortoiseOverlays 2009-03-03 13:07 . 2009-03-06 19:51 <REP> d-------- c:\program files\Mozilla Thunderbird 2009-03-03 10:58 . 2009-03-05 17:29 <REP> d-------- C:\ocs-ng 2009-03-03 10:58 . 2009-03-03 10:58 <REP> d-------- c:\documents and settings\****.******\Application Data\Wave Systems Corp 2009-03-03 10:58 . 2009-03-03 10:58 <REP> d-------- c:\documents and settings\****.******\Application Data\Broadcom 2009-03-03 10:57 . 2008-12-17 14:44 <REP> d-------- c:\documents and settings\****.******\Voisinage réseau 2009-03-03 10:57 . 2008-04-21 23:44 <REP> d-------- c:\documents and settings\****.******\Voisinage d'impression 2009-03-03 10:57 . 2008-04-21 22:02 <REP> d-------- c:\documents and settings\****.******\Modèles 2009-03-03 10:57 . 2009-02-25 14:24 <REP> d-------- c:\documents and settings\****.******\Mes documents 2009-03-03 10:57 . 
2008-04-21 23:44 <REP> d-------- c:\documents and settings\****.******\Menu Démarrer 2009-03-03 10:57 . 2008-12-09 15:34 <REP> d-------- c:\documents and settings\****.******\iWizz 2009-03-03 10:57 . 2008-12-08 17:36 <REP> d-------- c:\documents and settings\****.******\InstallAnywhere 2009-03-03 10:57 . 2008-10-06 11:15 <REP> d-------- c:\documents and settings\****.******\Favoris 2009-03-03 10:57 . 2009-03-03 11:39 <REP> d-------- c:\documents and settings\****.******\Bureau 2009-03-03 10:57 . 2008-10-24 09:40 <REP> d-------- c:\documents and settings\****.******\Application Data\Winamp 2009-03-03 10:57 . 2009-03-03 12:24 <REP> d-------- c:\documents and settings\****.******\Application Data\VMware 2009-03-03 10:57 . 2008-12-16 15:48 <REP> d-------- c:\documents and settings\****.******\Application Data\Visio 2009-03-03 10:57 . 2008-12-16 11:29 <REP> d-------- c:\documents and settings\****.******\Application Data\U3 2009-03-03 10:57 . 2008-12-11 19:24 <REP> d-------- c:\documents and settings\****.******\Application Data\TortoiseSVN 2009-03-03 10:57 . 2008-10-20 10:00 <REP> d-------- c:\documents and settings\****.******\Application Data\Thunderbird 2009-03-03 10:57 . 2008-10-06 11:19 <REP> d-------- c:\documents and settings\****.******\Application Data\Subversion 2009-03-03 10:57 . 2008-12-09 15:34 <REP> d-------- c:\documents and settings\****.******\Application Data\PSpad 2009-03-03 10:57 . 2008-10-06 15:00 <REP> d-------- c:\documents and settings\****.******\Application Data\pdf995 2009-03-03 10:57 . 2009-03-02 10:22 <REP> d-------- c:\documents and settings\****.******\Application Data\OpenOffice.org2 2009-03-03 10:57 . 2009-01-06 15:04 <REP> d-------- c:\documents and settings\****.******\Application Data\****** 2009-03-03 10:57 . 2008-12-03 10:54 <REP> d-------- c:\documents and settings\****.******\Application Data\Microsoft Web Folders 2009-03-03 10:57 . 
2008-11-18 17:16 <REP> d-------- c:\documents and settings\****.******\Application Data\IsolatedStorage 2009-03-03 10:57 . 2008-10-06 12:26 <REP> d-------- c:\documents and settings\****.******\Application Data\FMZilla 2009-03-03 10:57 . 2008-12-02 11:22 <REP> d-------- c:\documents and settings\****.******\Application Data\CA 2009-03-03 10:57 . 2008-11-18 17:33 <REP> d-------- c:\documents and settings\****.******\Application Data\Apple Computer 2009-03-03 10:57 . 2008-12-08 17:26 <REP> d--h----- c:\documents and settings\****.******\.netbeans-registration 2009-03-03 10:57 . 2008-12-08 17:26 <REP> d--h----- c:\documents and settings\****.******\.netbeans-derby 2009-03-03 10:57 . 2008-12-08 17:25 <REP> d--h----- c:\documents and settings\****.******\.netbeans 2009-03-03 10:57 . 2009-03-03 12:29 <REP> d-------- c:\documents and settings\****.****** 2009-03-03 10:41 . 2009-03-03 10:41 <REP> d-------- c:\windows\SHELLNEW 2009-03-01 23:03 . 2009-03-01 23:03 <REP> d-------- c:\program files\MSXML 4.0 2009-03-01 22:08 . 2009-03-01 22:08 <REP> d-------- c:\program files\Fichiers communs\Skype 2009-03-01 21:49 . 2009-03-05 17:25 <REP> d-------- C:\QUARANTINE 2009-03-01 21:21 . 2009-03-01 21:21 <REP> d-------- c:\program files\Securitoo 2009-03-01 21:20 . 2006-03-01 18:53 94,208 --a------ c:\windows\system32\w32n50.dll 2009-03-01 21:20 . 2007-12-11 20:22 65,536 --a------ c:\windows\system32\Autodial2000.dll 2009-03-01 21:20 . 2003-09-23 10:38 34,688 --a------ c:\windows\system32\pcampr5.sys 2009-03-01 21:20 . 2006-03-01 18:53 32,128 --a------ c:\windows\system32\pcandis5.sys 2009-03-01 19:22 . 2009-03-07 10:52 <REP> d-------- c:\documents and settings\NetworkService\Application Data\VMware 2009-03-01 18:44 . 2009-03-01 18:44 <REP> d-------- c:\documents and settings\LocalService\Application Data\VMware 2009-03-01 18:44 . 2007-09-05 20:18 391,728 --a------ c:\windows\system32\vnetlib.dll 2009-03-01 18:44 . 
2007-09-05 20:18 141,872 --a------ c:\windows\system32\vmnat.exe 2009-03-01 18:44 . 2007-09-05 20:18 113,200 --a------ c:\windows\system32\vmnetdhcp.exe 2009-03-01 18:44 . 2007-09-05 20:18 22,320 --a------ c:\windows\system32\drivers\vmnetuserif.sys 2009-03-01 15:10 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe 2009-03-01 15:06 . 2009-03-01 15:06 0 --a------ c:\windows\WinPM.INI 2009-03-01 15:03 . 2009-03-01 15:03 <REP> d-------- c:\program files\Paragon Software 2009-03-01 15:03 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll 2009-03-01 15:03 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll 2009-03-01 14:59 . 2009-03-01 14:59 <REP> d-------- C:\314f26b8237b6426defc 2009-03-01 11:13 . 2009-03-01 11:13 <REP> d-------- c:\program files\Paragon Software(2) 2009-02-28 10:42 . 2009-03-07 10:23 <REP> d-------- c:\documents and settings\****\Application Data\skypePM 2009-02-28 10:42 . 2009-02-28 10:42 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-28 10:29 . 2009-03-01 22:08 <REP> dr------- c:\program files\Skype 2009-02-28 10:29 . 2009-03-07 10:13 <REP> d-------- c:\documents and settings\****\Application Data\Skype 2009-02-28 10:29 . 2009-03-01 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype 2009-02-27 23:18 . 2009-03-06 17:01 <REP> d-------- c:\documents and settings\****\Application Data\VMware 2009-02-27 23:16 . 2009-03-07 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\VMware 2009-02-27 23:15 . 2009-02-27 23:15 <REP> d-------- c:\program files\VMware 2009-02-27 23:15 . 2009-03-01 18:43 <REP> d-------- c:\program files\Fichiers communs\VMware 2009-02-27 22:54 . 2009-03-01 22:04 <REP> d-------- c:\program files\SQLXML 4.0 2009-02-27 22:42 . 2009-02-27 22:42 <REP> d-------- c:\program files\Microsoft Analysis Services 2009-02-27 21:42 . 2009-03-01 21:24 <REP> d-------- c:\program files\OrangeHSS 2009-02-27 21:41 . 
2009-02-27 21:41 <REP> d-------- c:\program files\Fichiers communs\France Telecom 2009-02-27 19:02 . 2009-02-27 19:02 212 --a------ c:\windows\ildasmfnt.bin 2009-02-27 18:58 . 2009-02-27 18:58 <REP> d-------- c:\documents and settings\****\Application Data\Roxio 2009-02-27 12:14 . 2009-02-27 12:14 0 --a------ c:\windows\nsreg.dat 2009-02-27 12:09 . 2009-03-01 14:59 <REP> d-------- c:\program files\Mozilla Firefox(2) 2009-02-27 11:37 . 2009-02-27 11:37 <REP> d-------- c:\windows\IIS Temporary Compressed Files 2009-02-27 11:35 . 2009-02-27 11:35 <REP> d-------- c:\windows\system32\msmq 2009-02-27 11:35 . 2009-02-27 11:35 <REP> d-------- c:\windows\system32\Logfiles 2009-02-27 11:35 . 2009-02-27 11:36 <REP> d-------- C:\Inetpub 2009-02-27 11:31 . 2009-02-27 11:31 <REP> d-------- c:\program files\StarUML 2009-02-27 11:31 . 2009-02-27 11:31 <REP> d-------- c:\program files\Astase 2009-02-27 11:27 . 2009-03-02 21:42 <REP> d-------- c:\program files\Microsoft SQL Server 2009-02-27 10:47 . 2009-02-27 10:47 <REP> d-------- c:\program files\Microsoft SQL Server 2005 Mobile Edition 2009-02-27 10:47 . 2009-02-27 10:47 <REP> d-------- c:\program files\Microsoft Device Emulator 2009-02-27 10:33 . 2009-02-27 10:33 <REP> d-------- c:\windows\Symbols . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-02 09:25 3,353 ----a-w c:\windows\system32\drivers\sthdae.log 2009-02-18 13:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-02-18 13:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2009-02-18 09:45 5,293 ----a-w c:\windows\system32\drivers\1028_Dell_WOR_M4400.mrk 2009-01-07 22:06 328,728 ----a-w c:\windows\system32\drivers\iaStor.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ 
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2008-11-09 19:10 40960 --a------ c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2008-11-09 19:10 40960 --a------ c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] 
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-01 471040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904] "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-09-26 145408] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696] "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-11-10 91448] "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016] "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2008-11-10 24576] "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" 
[2009-03-04 198160] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224] "nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll] "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 75856] R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560] R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840] R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-11-11 451872] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-10-01 90112] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-02-18 112128] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-02-18 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-02-18 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-02-18 244368] S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2005-10-14 14552] S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-04-19 42832] S3 
AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-03-05 18688] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af172c6-08a0-11de-a3e7-005056c00008}] \Shell\AutoRun\command - F:\gi2ky.exe \Shell\open\Command - F:\gi2ky.exe . Contenu du dossier 'Tâches planifiées' 2009-03-07 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-19 19:03] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\****\Application Data\Mozilla\Firefox\Profiles\spbvczc9.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-07 10:52:40 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1136) c:\windows\system32\wvauth.dll . 
------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\drivers\audio\R205445\stacsv.exe c:\windows\system32\scardsvr.exe c:\windows\system32\msdtc.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\MSSQL.1\OLAP\bin\msmdsrv.exe c:\windows\system32\nvsvc32.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\program files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe c:\program files\DellTPad\ApMsgFwd.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\vmnat.exe c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe c:\program files\DellTPad\hidfind.exe c:\program files\DellTPad\ApntEx.exe c:\windows\system32\mqsvc.exe c:\windows\system32\vmnetdhcp.exe c:\windows\system32\mqtgsvc.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe c:\program files\OrangeHSS\Systray\SystrayApp.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2009-03-07 10:56:15 - La machine a redémarré [****] ComboFix-quarantined-files.txt 2009-03-07 09:56:12 Avant-CF: 31,132,172,288 octets libres Après-CF: 31,118,716,928 octets libres 345 --- E O F --- 2009-03-01 22:04:46