
sareth

Members
  • Content count

    10
  • Joined

  • Last visited

Everything posted by sareth

  1. THANK YOU very much for helping me.
  2. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:52:26, on 26/03/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal
  3. Thank you very much for your advice!! As for the infection, are we done with the securing and the cleanup?
  4. I reinstalled BitDefender and it's OK. In the Security Center everything is enabled except the Windows Firewall, which tells me: "the Security Center could not enable Windows Firewall". Apart from that, no other symptoms.
  5. Here you go.
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 01:22:18, on 25/03/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal
  6. Great, the internet is back, so I updated the anti-malware and ran another quick scan:
     Malwarebytes' Anti-Malware 1.34
     Version de la base de données: 1890
     Windows 6.0.6001 Service Pack 1
     24/03/2009 11:13:25
     mbam-log-2009-03-24 (11-13-25).txt
     Type de recherche: Examen rapide
     Eléments examinés: 49108
     Temps écoulé: 3 minute(s), 51 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  7. I couldn't update it, since I still don't have internet on my infected PC. Here's the report:
     Malwarebytes' Anti-Malware 1.34
     Version de la base de données: 1749
     Windows 6.0.6001 Service Pack 1
     24/03/2009 00:01:01
     mbam-log-2009-03-24 (00-01-01).txt
     Type de recherche: Examen rapide
     Eléments examinés: 51875
     Temps écoulé: 2 minute(s), 53 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  8. Here it is:
     ComboFix 09-03-22.01 - Paul 2009-03-23 21:54:03.2 - NTFSx86
     Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2046.1403 [GMT 1:00]
     Lancé depuis: c:\users\Paul\Desktop\tral.exe
     Commutateurs utilisés :: c:\users\Paul\Desktop\CFScript.txt
     AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
     * Un nouveau point de restauration a été créé
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-23 21:55:16
     Windows 6.0.6001 Service Pack 1 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     Scan terminé avec succès
     Fichiers cachés: 0
     Heure de fin: 2009-03-23 21:56:33
     ComboFix-quarantined-files.txt 2009-03-23 20:56:19
     ComboFix2.txt 2009-03-23 18:04:51
     Avant-CF: 21 610 496 000 octets libres
     Après-CF: 21,474,656,256 octets libres
     Sorry, but what is a HijackThis report? (Yes, I know nothing about this... sorry.)
  9. Thank you very much for your very quick help. So here it is: after running ComboFix, I couldn't disable my antivirus since it no longer starts.
     ComboFix 09-03-22.01 - Paul 2009-03-23 18:55:07.1 - NTFSx86
     Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2046.1288 [GMT 1:00]
     Lancé depuis: c:\users\Paul\Desktop\tral.exe
     AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
     * Un nouveau point de restauration a été créé
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     c:\program files\Steam\Steam.exe
     c:\users\Paul\AppData\Roaming\drivers\downld
     c:\users\Paul\AppData\Roaming\drivers\downld\72774.exe
     c:\users\Paul\AppData\Roaming\drivers\downld\73320.exe
     c:\users\Paul\AppData\Roaming\drivers\downld\73351.exe
     c:\users\Paul\AppData\Roaming\drivers\downld\92898.exe
     c:\users\Paul\AppData\Roaming\drivers\srosa2.sys
     c:\users\Paul\AppData\Roaming\drivers\wfsintwq.sys
     c:\users\Paul\AppData\Roaming\drivers\winupgro.exe
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     -------\Service_SROSA
     -------\Legacy_SROSA
     -------\Legacy_SK9OU0S
     -------\Service_sK9Ou0s
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{25490C12-2039-4A9D-9A69-D8FCA7E049D4}d:\\program files\\kerio\\personal firewall 4\\kpf4gui.exe"= UDP:d:\program files\kerio\personal firewall 4\kpf4gui.exe:Kerio Personal Firewall 4 - GUI "UDP Query User{897ABB11-F1E7-42B4-AEBF-AB0006836AB4}d:\\program files\\kerio\\personal firewall 4\\kpf4gui.exe"= TCP:d:\program files\kerio\personal firewall 4\kpf4gui.exe:Kerio Personal Firewall 4 - GUI "TCP Query User{F5BF6957-98CF-4C94-8199-6D753A418446}d:\\program files\\kerio\\personal firewall 4\\kpf4ss.exe"= UDP:d:\program files\kerio\personal firewall 4\kpf4ss.exe:Kerio Personal Firewall 4 - Service "UDP Query User{FB85041F-F661-499E-AE5B-B4D724DDF519}d:\\program files\\kerio\\personal firewall 4\\kpf4ss.exe"= TCP:d:\program files\kerio\personal firewall 4\kpf4ss.exe:Kerio Personal Firewall 4 - Service "{1CD6CDB0-5D11-42A2-8FA3-EDC91E8A1844}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{84C6E2AE-5A87-4BF7-9006-CF7192488169}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System "{C6E512FC-7682-45C1-9DEA-9B50806AC190}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System "{F9DC35F6-E628-41C7-99E9-4EBAEAFD2121}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window "{F7E845BB-3A19-4621-ADD9-1813810C75D0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window "TCP Query User{28B00D51-2CEC-4D80-8991-E6B95CB76436}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{7C4A5ACA-E960-4142-AE69-29DABDB104C8}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{25CBEA47-F40C-4F84-A64C-C9E4B50582C8}"= UDP:4662:emTCP "{9680B04A-D8AC-46E6-A037-2FCB80DB0B2B}"= TCP:4672:emUDP "TCP Query User{A34AB6EE-E283-4A28-8FB4-326E972A9E5A}c:\\program files\\steam\\steamapps\\sareth\\counter-strike source\\hl2.exe"= 
UDP:c:\program files\steam\steamapps\sareth\counter-strike source\hl2.exe:hl2 "UDP Query User{9E7FC9E2-81B6-40F5-BCEC-B22C9E29AAA2}c:\\program files\\steam\\steamapps\\sareth\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sareth\counter-strike source\hl2.exe:hl2 "TCP Query User{C7CFA342-56B3-4B9C-9241-376C8EDFB7F2}c:\\program files\\steam\\steamapps\\sareth\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\sareth\half-life 2 deathmatch\hl2.exe:hl2 "UDP Query User{13618CC6-A3F2-433C-84DC-692B44B6D92A}c:\\program files\\steam\\steamapps\\sareth\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\sareth\half-life 2 deathmatch\hl2.exe:hl2 "TCP Query User{38463A1A-B641-4CC9-960C-9270AF029345}c:\\program files\\steam\\steamapps\\sareth\\dark messiah might and magic multi-player\\mm.exe"= UDP:c:\program files\steam\steamapps\sareth\dark messiah might and magic multi-player\mm.exe:mm "UDP Query User{19315DB2-2680-4076-B122-37B456C77110}c:\\program files\\steam\\steamapps\\sareth\\dark messiah might and magic multi-player\\mm.exe"= TCP:c:\program files\steam\steamapps\sareth\dark messiah might and magic multi-player\mm.exe:mm "{9A6A6CED-AF16-4E5A-AD99-FD8F8C5C3FBE}"= UDP:c:\program files\DNA\btdna.exe:DNA "{54525FF9-BD51-4BAB-964B-FF7046FA1CB4}"= TCP:c:\program files\DNA\btdna.exe:DNA "{0873EF99-BC09-40D9-BDEC-5116124B5DA2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent "{9989D4B0-C33D-42AC-9B87-6CFBB7A6EE48}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent "{75658C82-E81D-4626-A2D3-AC436A2066E2}"= UDP:3724:wow "TCP Query User{282D6F9D-792E-40DB-9FD1-6164C27419C7}c:\\users\\paul\\desktop\\wow-downloader.exe"= UDP:c:\users\paul\desktop\wow-downloader.exe:wow-downloader.exe "UDP Query User{987B7586-0B42-4C75-9C70-BDDBEC6F96BC}c:\\users\\paul\\desktop\\wow-downloader.exe"= TCP:c:\users\paul\desktop\wow-downloader.exe:wow-downloader.exe "{7E3D89BB-28F5-48AF-81BC-86A2FFFD93CF}"= c:\program 
files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C4E989A7-563A-480C-9848-BBE4AF06E6E1}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{E2F35BD2-2BA6-4007-90BE-E69BC532A065}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-10 64160] R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\System32\drivers\wg111v2.sys [2006-03-27 167808] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [2009-01-25 84832] S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\System32\drivers\lg3gbus.sys [2008-07-27 83080] S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\System32\drivers\lg3gmdfl.sys [2008-07-27 15112] S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\System32\drivers\lg3gmdm.sys [2008-07-27 108552] S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\lg3gmgmt.sys [2008-07-27 100360] S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\lg3gnd5.sys [2008-07-27 23176] S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\System32\drivers\lg3gobex.sys [2008-07-27 98568] S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\lg3gunic.sys [2008-07-27 98952] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3782d36b-3bc8-11dd-848c-001b2f763727}] \shell\AutoRun\command - E:\autorun.exe . 
Contenu du dossier 'Tâches planifiées' 2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-10 22:53] 2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{55912FC2-D122-4E49-B1E8-5D55F5F11A2B}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Steam - c:\program files\Steam\Steam.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.deezer.com/fr FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\1guqtogy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://fr.wikipedia.org/wiki/Accueil . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 19:02:07 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\windows\System32\lxbkcoms.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\program files\Lexmark X1100 Series\LXBKbmon.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\ehome\ehmsas.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************** . 
Heure de fin: 2009-03-23 19:04:50 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-23 18:04:32 Avant-CF: 21,373,243,392 octets libres Après-CF: 21,125,787,648 octets libres 205 --- E O F --- 2009-03-14 10:57:20
  10. Hello everyone, so here is the thing: I have a few problems with my PC. It all started with an uncontrolled restart; once restarted, I no longer had internet and the Windows Security Center is disabled. I can no longer launch my antivirus (BitDefender), I get the message "is not a valid Win32 application", same for Windows Defender, so it is impossible to run a scan, even online.... I tried to reinstall Windows (Vista) but I also got an error message at reboot.. That's it, thanks for your help....