

fleafly
Members
Content count: 13
Everything posted by fleafly
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
Thank you so much for your help. Everything seems to be working perfectly now. Long live you and your site!
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
I'll give up on the system restore... but what do I do with the viruses in quarantine? Do I delete them?
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
Good news! After uninstalling and reinstalling ZoneAlarm, my connection is smooth again. Sometimes you don't need to look too far... Should I empty my "virus vault" in AVG? (notably 2 viruses that appeared today: C:\ System Volume Information\_restore...)
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
OK, thanks for this valuable advice. How do I scan the system restore files with AVG, and what do I do with the infected files? Should I click "heal"?
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
OK, let's secure things! A quick question: can I safely try a System Restore to try to get a clean internet connection back? To be complete, the problems started when I changed the startup mode in msconfig (which I should never have done...), because after a procedure SFR had me follow so I could use my new Neufbox, I noticed that my programs were no longer launching at startup (the internet was working perfectly at that point): I then saw a Windows dialog asking me to tick "Normal startup" in the General tab; the computer would boot and then I would get an error message on a blue background forcing me to restart. It eventually started working again, saying: Windows has recovered from a serious error. I don't know whether these details are useful. Thanks for your help in any case.
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
- the entry is indeed set to 3
- disconnection after 5 minutes despite "repair"
Any other ideas?
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
Wi-Fi; my ethernet connection hasn't worked for quite some time... there, it's done!!
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:46, on 14/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\BRICE\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_2_0.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUplo...geUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7255 bytes

FYI, my internet connection still drops after a few minutes, requiring a reboot of the computer for each new connection.
virus win32 cryptor [resolved]
fleafly replied to fleafly's topic in Malware Analysis and Eradication
Here's the rest:

ComboFix 09-04-14.09 - BRICE 14/04/2009 21:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.204 [GMT 2:00]
Lancé depuis: c:\documents and settings\BRICE\Bureau\pouet.exe
Commutateurs utilisés :: c:\documents and settings\BRICE\Bureau\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
 * Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\uactmp.db
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))
.

2009-04-14 19:02 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe
2009-04-14 18:46 . 2009-04-14 18:54 1374 ----a-w c:\windows\imsins.BAK
2009-04-14 17:33 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 17:33 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 17:33 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 17:33 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 17:33 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 17:33 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 17:33 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 17:33 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 17:32 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 17:32 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-14 17:32 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 16:19 . 2009-04-14 16:23 687104 ----a-w c:\windows\isRS-000.tmp
2009-04-14 16:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 16:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 16:14 . 2009-04-14 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-03 17:19 . 2009-04-03 17:19 -------- d-sh--w c:\documents and settings\BRICE\IECompatCache
2009-03-27 20:46 . 2009-03-27 20:46 -------- d-sh--w c:\documents and settings\BRICE\PrivacIE
2009-03-27 16:52 . 2009-03-27 16:52 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-27 16:51 . 2009-03-27 16:51 -------- d-sh--w c:\documents and settings\BRICE\IETldCache
2009-03-27 16:48 . 2009-03-27 16:48 -------- d--h--w c:\windows\msdownld.tmp
2009-03-27 16:48 . 2009-03-27 16:48 -------- d-----w c:\windows\ie8updates
2009-03-27 16:43 . 2009-03-27 16:46 -------- dc-h--w c:\windows\ie8
2009-03-27 16:39 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-23 23:23 . 2009-03-23 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\drivers\b57xp32.sys
2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\dllcache\b57xp32.sys
2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 19:18 . 2007-08-07 17:22 28612640 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 19:18 . 2007-08-07 17:22 28612640 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 19:15 . 2007-08-07 17:22 336164 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 19:01 . 2004-08-20 09:24 90300 ----a-w c:\windows\system32\perfc00C.dat
2009-04-14 19:01 . 2004-08-20 09:24 499892 ----a-w c:\windows\system32\perfh00C.dat
2009-04-14 18:57 . 2007-10-03 18:09 33258205 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-14 16:27 . 2009-04-14 15:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 21:05 . 2008-04-10 17:42 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 22:55 . 2007-08-07 17:10 -------- d-----w c:\program files\SpywareBlaster
2009-04-10 22:50 . 2009-04-10 22:50 3190688 ----a-w c:\program files\ccsetup218.exe
2009-04-10 22:35 . 2008-06-05 21:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-10 22:33 . 2008-06-05 21:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 22:33 . 2008-06-05 21:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 22:33 . 2008-06-05 21:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 22:30 . 2009-04-10 22:28 63752952 ----a-w c:\program files\avg_free_stf_en_85_287a1483.exe
2009-04-10 07:04 . 2006-04-11 00:10 98304 ----a-w c:\windows\DUMP4882.tmp
2009-04-09 14:34 . 2009-04-09 14:34 305664 ----a-w c:\program files\Xtremsplit.exe
2009-04-09 14:13 . 2006-12-12 14:33 -------- d-----w c:\program files\eMule
2009-04-09 14:10 . 2007-06-07 19:12 -------- d-----w c:\documents and settings\BRICE\Application Data\utorrent
2009-04-09 12:46 . 2009-04-05 20:45 3342809 ----a-w c:\program files\eMule0.49c-Installer.exe
2009-04-09 10:44 . 2006-11-11 15:55 -------- d-----w c:\program files\DivX
2009-04-09 10:44 . 2009-04-09 10:44 -------- d-----w c:\program files\Fichiers communs\DivX Shared
2009-04-07 16:52 . 2007-06-17 20:21 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-04-07 16:48 . 2006-04-11 00:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 17:25 . 2009-03-27 17:25 373025 ----a-w c:\program files\44fr712a.cab
2009-03-27 17:09 . 2006-04-11 00:25 -------- d-----w c:\program files\Dell
2009-03-27 16:02 . 2006-04-11 00:26 -------- d-----w c:\program files\Broadcom
2009-03-27 15:33 . 2009-03-27 15:29 6841280 ----a-w c:\program files\R85255.EXE
2009-03-26 10:18 . 2009-01-25 20:30 -------- d-----w c:\program files\Fichiers communs\Adobe AIR
2009-03-25 22:37 . 2008-11-09 09:38 -------- d-----w c:\documents and settings\BRICE\Application Data\dvdcss
2009-03-23 23:24 . 2009-03-23 23:23 -------- d-----w c:\program files\ma-config.com
2009-03-23 19:09 . 2009-03-23 19:09 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-23 12:46 . 2009-03-23 07:10 -------- d-----w c:\program files\WinXP
2009-03-23 12:45 . 2009-03-23 12:45 40016 ----a-w c:\program files\winxp_amd_x86_64-4.60.zip
2009-03-23 07:09 . 2009-03-23 07:09 35041 ----a-w c:\program files\winxp_32-4.60.zip
2009-03-14 09:27 . 2009-03-14 10:38 2649088 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 03:41 . 2006-09-14 08:38 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2007-05-11 20:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2006-09-14 08:38 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2004-08-20 09:24 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2006-09-14 08:38 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2004-08-20 09:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:34 . 2006-09-14 08:38 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2004-08-20 09:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2006-09-14 08:38 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2004-08-20 09:24 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2004-08-20 09:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2004-08-20 09:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2006-09-14 08:38 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2007-05-11 20:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2007-05-11 20:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2006-09-14 08:38 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:22 . 2004-08-20 09:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:11 . 2007-05-11 20:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 14:20 . 2004-08-20 09:24 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:00 . 2009-03-03 16:00 20882215 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_16_53_46_full.dmp.zip
2009-03-02 16:17 . 2009-03-02 16:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-02 16:17 . 2006-04-11 00:22 -------- d-----w c:\program files\Java
2009-02-17 21:51 . 2007-12-09 18:54 -------- d-----w c:\documents and settings\BRICE\Application Data\Skype
2009-02-17 21:17 . 2007-12-09 18:56 -------- d-----w c:\documents and settings\BRICE\Application Data\skypePM
2009-02-10 17:06 . 2008-10-16 10:03 2068096 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 17:06 . 2004-08-03 23:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2008-10-16 10:03 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:05 . 2004-08-20 09:24 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2008-10-16 10:03 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:24 . 2004-08-20 09:23 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-10-16 10:03 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-10-16 10:03 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:23 . 2004-08-20 09:24 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-08-20 09:23 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-20 09:24 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2004-08-20 09:23 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-08-20 09:23 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-07 10:03 . 2009-02-07 10:03 6598232 ----a-w c:\program files\Juice22Setup.exe
2009-02-06 20:07 . 2007-05-11 20:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 10:39 . 2004-08-20 09:24 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-20 09:24 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-05 11:06 . 2009-02-05 11:06 2223653 ----a-w c:\program files\mpc2kxp6490.zip
2009-02-05 10:42 . 2009-02-05 10:42 16320472 ----a-w c:\program files\vlc-0.9.8a-win32.exe
2009-02-03 19:58 . 2009-02-03 19:58 56832 ------w c:\windows\system32\dllcache\secur32.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_17.01.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-20 09:24 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
+ 2004-08-20 09:24 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2004-08-20 09:24 . 2009-04-14 19:01 90300 c:\windows\system32\perfc00C.dat
- 2004-08-20 09:24 . 2009-03-29 10:30 90300 c:\windows\system32\perfc00C.dat
+ 2004-08-20 09:24 . 2009-04-14 19:01 73186 c:\windows\system32\perfc009.dat
- 2004-08-20 09:24 . 2009-03-29 10:30 73186 c:\windows\system32\perfc009.dat
- 2004-08-20 09:34 . 2008-04-14 02:33 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll
- 2004-08-20 09:23 . 2008-04-14 02:33 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-20 09:23 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll
+ 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-20 09:24 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-20 09:34 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:22 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2006-04-11 00:29 . 2009-04-14 18:48 23040 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 23040 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-11 00:29 . 2009-03-28 18:17 61440 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 61440 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 27136 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 27136 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 11264 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 11264 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 12288 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 12288 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-05 05:25 . 2008-05-05 05:25 3072 c:\windows\system32\xpsp4res.dll
- 2006-04-11 00:29 . 2009-03-28 18:18 4096 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 4096 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-20 09:24 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll
- 2004-08-20 09:24 . 2008-04-14 02:33 354304 c:\windows\system32\winhttp.dll
+ 2004-08-20 09:34 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-20 09:34 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-20 09:34 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-20 09:24 . 2009-02-09 11:23 111104 c:\windows\system32\services.exe
+ 2004-08-20 09:24 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll
- 2004-08-20 09:24 . 2009-03-29 10:30 499892 c:\windows\system32\perfh00C.dat
+ 2004-08-20 09:24 . 2009-04-14 19:01 499892 c:\windows\system32\perfh00C.dat
- 2004-08-20 09:24 . 2009-03-29 10:30 427118 c:\windows\system32\perfh009.dat
+ 2004-08-20 09:24 . 2009-04-14 19:01 427118 c:\windows\system32\perfh009.dat
+ 2004-08-20 09:24 . 2009-03-06 14:20 286720 c:\windows\system32\pdh.dll
- 2004-08-20 09:24 . 2008-04-14 02:33 286720 c:\windows\system32\pdh.dll
+ 2004-08-20 09:23 . 2009-02-09 10:53 739840 c:\windows\system32\ntdll.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-20 09:23 . 2009-02-09 10:53 735744 c:\windows\system32\lsasrv.dll
+ 2009-04-14 17:32 . 2008-04-21 21:15 219136 c:\windows\system32\dllcache\wordpad.exe
+ 2009-04-14 17:33 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-14 17:33 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-04-14 17:32 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2009-04-14 17:33 . 2009-02-09 11:23 111104 c:\windows\system32\dllcache\services.exe
+ 2009-04-14 17:33 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-14 17:33 . 2009-03-06 14:20 286720 c:\windows\system32\dllcache\pdh.dll
+ 2009-04-14 17:32 . 2009-02-09 10:53 739840 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll
- 2004-08-20 09:34 . 2008-04-14 02:33 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-20 09:34 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-14 17:33 . 2009-02-09 10:53 735744 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-14 17:33 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2009-04-14 17:33 . 2009-02-09 10:53 685568 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-20 09:23 . 2008-04-14 02:33 685568 c:\windows\system32\advapi32.dll
+ 2004-08-20 09:23 . 2009-02-09 10:53 685568 c:\windows\system32\advapi32.dll
+ 2006-04-11 00:29 . 2009-04-14 18:48 409600 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-11 00:29 . 2009-03-28 18:17 409600 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-11 00:29 . 2009-03-28 18:17 286720 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 286720 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 249856 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 249856 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-04-11 00:29 . 2009-03-28 18:18 794624 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 794624 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-04-11 00:29 . 2009-04-14 18:48 135168 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-11 00:29 . 2009-03-28 18:17 135168 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2004-08-20 09:24 . 2008-12-20 22:14 1294336 c:\windows\system32\quartz.dll
- 2004-08-20 09:24 . 2008-05-07 05:11 1294336 c:\windows\system32\quartz.dll
+ 2004-08-20 09:23 . 2009-02-09 11:24 2191104 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 23:48 . 2009-02-10 17:06 2068096 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 23:48 . 2008-08-14 13:23 2068096 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-20 09:23 . 2009-03-21 14:07 1054720 c:\windows\system32\kernel32.dll
- 2004-08-20 09:23 . 2008-04-14 02:33 1054720 c:\windows\system32\kernel32.dll
- 2008-05-07 05:11 . 2008-05-07 05:11 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:11 . 2008-12-20 22:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 10:03 . 2009-02-09 11:24 2191104 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 10:03 . 2009-02-09 11:23 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 10:03 . 2009-02-10 17:06 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 10:03 . 2009-02-09 11:23 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-21 14:07 . 2009-03-21 14:07 1054720 c:\windows\system32\dllcache\kernel32.dll
+ 2008-10-16 10:03 . 2009-02-09 11:24 2191104 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 10:03 . 2009-02-09 11:23 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 10:03 . 2009-02-10 17:06 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 10:03 . 2008-08-14 13:23 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 10:03 . 2009-02-09 11:23 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-12-10 16:48 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
+ 2007-08-07 17:22 . 2009-04-14 19:18 28612640 c:\windows\system32\drivers\fidbox.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-10 22:33 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-02-05 61440]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70eb7bd3-962e-11dd-b08a-00038a000015}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-04-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,45,45,93,5d,37,
 3c,15,09,e2,63,26,f1,3f,c8,ff,68,69,b2,89,05,b8,ca,70,c3,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bd,92,28,97,92,
 57,fe,ca,6a,9c,d6,61,af,45,84,18,24,4e,1d,a6,42,8b,0a,b9,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,6d,6e,a8,49,5f,
 40,ec,66,ff,7c,85,e0,43,d4,0e,fe,97,4f,62,5a,98,f9,6f,b8,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,fa,be,54,a3,ba, ce,82,76,86,8c,21,01,be,91,eb,e7,d7,a6,8e,36,80,e2,17,bd,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c8,40,86,e9,ff, 65,c7,14,f5,1d,4d,73,a8,13,5c,05,de,ff,ac,58,62,0d,6b,c1,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ea,fa,3d,5d,e3, 26,7a,ba,df,20,58,62,78,6b,cf,c8,24,1c,f4,5f,3e,28,5f,06,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,38,b9,8a,ea,e2, f9,c2,df,fb,a7,78,e6,12,2f,9a,ea,ab,3b,69,b1,af,87,ef,ab,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,26,ed,88,46, 02,7b,46,01,3a,48,fc,e8,04,4a,f1,8b,2b,53,99,b3,35,46,ba,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d9,76,1c,69,76, 94,1f,f6,f6,0f,4e,58,98,5b,89,c9,43,4d,39,5c,e3,73,01,48,f6,0f,4e,58,98,5b,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,12,5e,c9,77,5e, 2f,e1,16,3d,ce,ea,26,2d,45,aa,78,58,1e,43,0d,64,0f,f7,f1,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,43,37,98,ec,4d, a2,7a,f9,2a,b7,cc,b5,b9,7f,41,e7,67,0e,6f,46,9c,8e,6d,36,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d4,c1,b2,35,60, c5,1b,74,6c,43,2d,1e,aa,22,2f,9c,e3,d8,c3,62,9c,f1,d1,f2,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1316) c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\AVG\AVG8\avgtray.exe . ************************************************************************** . 
Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by ComboFix-quarantined-files.txt 2009-04-14 19:25 ComboFix2.txt 2009-04-14 17:06 Avant-CF: 8 917 577 728 octets libres Après-CF: 8 902 483 968 octets libres Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 423 --- E O F --- 2009-04-14 18:55 du nouveau? -
win32 cryptor virus [solved]
fleafly replied to a topic by fleafly in Malware analysis and eradication
voilà, voilà... ComboFix 09-04-14.09 - BRICE 14/04/2009 18:48.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.208 [GMT 2:00] Lancé depuis: c:\documents and settings\BRICE\Bureau\pouet.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) FW: ZoneAlarm Firewall *enabled* . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\\setup.exe c:\windows\emMON.exe c:\windows\system32\drivers\UACptkyprqx.sys c:\windows\system32\UACaothjqlo.dll c:\windows\system32\UACfammqujb.log c:\windows\system32\UACfjpkexte.db c:\windows\system32\uacinit.dll c:\windows\system32\UACloanstaw.log c:\windows\system32\UAClqeeajgi.log c:\windows\system32\UACnbsmkamq.dll c:\windows\system32\UACplvreecb.dll c:\windows\system32\UACrxkavfvm.dll c:\windows\system32\UACvxvgubxy.dll c:\windows\system32\UACwtiqqfth.dat c:\windows\system32\UACyqqkmpqb.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_FAD ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 )))))))))))))))))))))))))))))))))))) . 2009-04-14 16:19 . 2009-04-14 16:23 687104 ----a-w c:\windows\isRS-000.tmp 2009-04-14 16:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-14 16:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-14 16:14 . 2009-04-14 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-10 06:52 . 2009-04-10 06:52 0 ----a-w c:\windows\system32\uactmp.db 2009-04-03 17:19 . 2009-04-03 17:19 -------- d-sh--w c:\documents and settings\BRICE\IECompatCache 2009-03-27 20:46 . 2009-03-27 20:46 -------- d-sh--w c:\documents and settings\BRICE\PrivacIE 2009-03-27 16:52 . 2009-03-27 16:52 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache 2009-03-27 16:51 . 
2009-03-27 16:51 -------- d-sh--w c:\documents and settings\BRICE\IETldCache 2009-03-27 16:48 . 2009-03-27 16:48 -------- d--h--w c:\windows\msdownld.tmp 2009-03-27 16:48 . 2009-03-27 16:48 -------- d-----w c:\windows\ie8updates 2009-03-27 16:43 . 2009-03-27 16:46 -------- dc-h--w c:\windows\ie8 2009-03-27 16:39 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll 2009-03-23 23:23 . 2009-03-23 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\drivers\b57xp32.sys 2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\dllcache\b57xp32.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-14 17:01 . 2007-08-07 17:22 28278816 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-14 17:01 . 2007-08-07 17:22 28278816 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-14 16:58 . 2007-08-07 17:22 332228 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-14 16:27 . 2009-04-14 15:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-14 15:51 . 2007-10-03 18:09 32423435 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-04-13 21:05 . 2008-04-10 17:42 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-10 22:55 . 2007-08-07 17:10 -------- d-----w c:\program files\SpywareBlaster 2009-04-10 22:50 . 2009-04-10 22:50 3190688 ----a-w c:\program files\ccsetup218.exe 2009-04-10 22:35 . 2008-06-05 21:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-10 22:33 . 2008-06-05 21:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-04-10 22:33 . 2008-06-05 21:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-04-10 22:33 . 2008-06-05 21:26 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-04-10 22:30 . 
2009-04-10 22:28 63752952 ----a-w c:\program files\avg_free_stf_en_85_287a1483.exe 2009-04-10 07:04 . 2006-04-11 00:10 98304 ----a-w c:\windows\DUMP4882.tmp 2009-04-09 14:34 . 2009-04-09 14:34 305664 ----a-w c:\program files\Xtremsplit.exe 2009-04-09 14:13 . 2006-12-12 14:33 -------- d-----w c:\program files\eMule 2009-04-09 14:10 . 2007-06-07 19:12 -------- d-----w c:\documents and settings\BRICE\Application Data\utorrent 2009-04-09 12:46 . 2009-04-05 20:45 3342809 ----a-w c:\program files\eMule0.49c-Installer.exe 2009-04-09 10:44 . 2006-11-11 15:55 -------- d-----w c:\program files\DivX 2009-04-09 10:44 . 2009-04-09 10:44 -------- d-----w c:\program files\Fichiers communs\DivX Shared 2009-04-07 16:52 . 2007-06-17 20:21 -------- d-----w c:\program files\Fichiers communs\Ahead 2009-04-07 16:48 . 2006-04-11 00:25 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-29 10:30 . 2004-08-20 09:24 90300 ----a-w c:\windows\system32\perfc00C.dat 2009-03-29 10:30 . 2004-08-20 09:24 499892 ----a-w c:\windows\system32\perfh00C.dat 2009-03-27 17:25 . 2009-03-27 17:25 373025 ----a-w c:\program files\44fr712a.cab 2009-03-27 17:09 . 2006-04-11 00:25 -------- d-----w c:\program files\Dell 2009-03-27 16:02 . 2006-04-11 00:26 -------- d-----w c:\program files\Broadcom 2009-03-27 15:33 . 2009-03-27 15:29 6841280 ----a-w c:\program files\R85255.EXE 2009-03-26 10:18 . 2009-01-25 20:30 -------- d-----w c:\program files\Fichiers communs\Adobe AIR 2009-03-25 22:37 . 2008-11-09 09:38 -------- d-----w c:\documents and settings\BRICE\Application Data\dvdcss 2009-03-23 23:24 . 2009-03-23 23:23 -------- d-----w c:\program files\ma-config.com 2009-03-23 19:09 . 2009-03-23 19:09 -------- d-----w c:\program files\Microsoft Silverlight 2009-03-23 12:46 . 2009-03-23 07:10 -------- d-----w c:\program files\WinXP 2009-03-23 12:45 . 2009-03-23 12:45 40016 ----a-w c:\program files\winxp_amd_x86_64-4.60.zip 2009-03-23 07:09 . 
2009-03-23 07:09 35041 ----a-w c:\program files\winxp_32-4.60.zip 2009-03-14 09:27 . 2009-03-14 10:38 2649088 ----a-w c:\windows\Internet Logs\xDB22.tmp 2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-03-08 03:41 . 2006-09-14 08:38 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-03-08 03:39 . 2007-05-11 20:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll 2009-03-08 03:34 . 2006-09-14 08:38 914944 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-08 03:34 . 2004-08-20 09:24 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 03:34 . 2006-09-14 08:38 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-03-08 03:34 . 2004-08-20 09:23 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll 2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll 2009-03-08 03:34 . 2006-09-14 08:38 193536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-03-08 03:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll 2009-03-08 03:33 . 2004-08-20 09:23 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 03:33 . 2006-09-14 08:38 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll 2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll 2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll 2009-03-08 03:33 . 
2004-08-20 09:24 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll 2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll 2009-03-08 03:32 . 2004-08-20 09:23 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll 2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll 2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll 2009-03-08 03:32 . 2004-08-20 09:23 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll 2009-03-08 03:32 . 2006-09-14 08:38 94720 ----a-w c:\windows\system32\dllcache\inseng.dll 2009-03-08 03:32 . 2007-05-11 20:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll 2009-03-08 03:32 . 2007-05-11 20:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll 2009-03-08 03:32 . 2006-09-14 08:38 611840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll 2009-03-08 03:22 . 2004-08-20 09:23 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-08 03:11 . 2007-05-11 20:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll 2009-03-03 16:00 . 2009-03-03 16:00 20882215 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_16_53_46_full.dmp.zip 2009-03-02 16:17 . 2009-03-02 16:19 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-02 16:17 . 2006-04-11 00:22 -------- d-----w c:\program files\Java 2009-02-17 21:51 . 
2007-12-09 18:54 -------- d-----w c:\documents and settings\BRICE\Application Data\Skype 2009-02-17 21:17 . 2007-12-09 18:56 -------- d-----w c:\documents and settings\BRICE\Application Data\skypePM 2009-02-09 14:05 . 2008-10-16 10:03 1846912 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-09 14:05 . 2004-08-20 09:24 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-07 10:03 . 2009-02-07 10:03 6598232 ----a-w c:\program files\Juice22Setup.exe 2009-02-06 20:07 . 2007-05-11 20:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat 2009-02-05 11:06 . 2009-02-05 11:06 2223653 ----a-w c:\program files\mpc2kxp6490.zip 2009-02-05 10:42 . 2009-02-05 10:42 16320472 ----a-w c:\program files\vlc-0.9.8a-win32.exe 2008-12-30 17:06 . 2008-12-30 17:06 3165824 ----a-w c:\program files\ccsetup215.exe 2008-12-02 16:53 . 2008-09-30 21:15 42609040 ----a-w c:\program files\zlsSetup_70_462_000_fr.exe 2008-11-29 12:08 . 2008-11-29 11:34 54784 -c--a-w c:\program files\SOLDE_LISTE_GUERINOT_-_HOUDELET_27_11_2008.xls 2008-11-28 22:31 . 2008-11-28 22:31 27288880 ----a-w c:\program files\QuickTimeInstaller.exe 2008-11-11 10:53 . 2008-11-11 10:52 2955128 ----a-w c:\program files\ccsetup213.exe 2008-10-17 23:41 . 2008-10-17 23:41 2869536 ----a-w c:\program files\spywareblastersetup41.exe 2008-10-17 23:30 . 2008-10-17 23:30 2934168 ----a-w c:\program files\ccsetup212.exe 2008-09-12 20:11 . 2006-04-16 08:13 95264 -c--a-w c:\documents and settings\VALERIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-11 09:09 . 2008-09-11 09:09 828592 ----a-w c:\program files\mp3splitterjoiner_pro.exe 2008-09-09 22:19 . 2008-09-09 22:15 60851834 ----a-w c:\program files\MediaStudio5.zip 2008-09-01 05:45 . 2006-06-23 09:20 95264 ----a-w c:\documents and settings\BRICE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-08-27 22:30 . 2008-08-27 22:25 61832392 ----a-w c:\program files\MediaStudio5_5212.exe 2008-08-10 18:56 . 
2008-08-10 18:56 20594000 ----a-w c:\program files\msnsetup_full.exe 2008-08-06 16:15 . 2008-08-06 16:15 1495112 ----a-w c:\program files\install_flash_player.exe 2008-08-03 19:35 . 2008-08-03 19:35 3231826 ----a-w c:\program files\eMule0.49b-Installer1.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-04-10 22:33 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk backup=c:\windows\pss\Service 
Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl] [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2005-10-07 05:13 176128 ----a-r c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2008-07-10 07:47 116040 -c--a-w c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] 2005-02-28 09:53 53248 ----a-r c:\windows\VM_STI.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget] 2009-02-05 12:53 106040 ----a-w c:\program files\Canal\Canal Widget\Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 02:33 15360 ----a-w c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2005-12-15 09:44 839680 ----a-w c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-11-01 02:12 94208 ----a-w c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] 2006-11-08 09:22 696320 ----a-w c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] 2006-11-08 09:28 802816 ----a-w c:\program files\Intel\Wireless\bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 
2006-09-11 02:56 218032 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2006-09-11 02:56 218032 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-09-11 02:56 86960 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-07-10 08:51 289064 -c--a-w c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 14:09 413696 ----a-w c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2006-04-11 00:30 26112 ----a-w c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] 2007-12-14 15:19 132624 ------w c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-02 16:17 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\utorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program 
Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel) "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-02-05 61440] R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70eb7bd3-962e-11dd-b08a-00038a000015}] \Shell\AutoRun\command - WD_Windows_Tools\Setup.exe . Contenu du dossier 'Tâches planifiées' 2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2006-04-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml Notify-WgaLogon - (no file) MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe . ------- Examen supplémentaire ------- . 
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-14 19:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,45,45,93,5d,37, 3c,15,09,e2,63,26,f1,3f,c8,ff,68,69,b2,89,05,b8,ca,70,c3,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bd,92,28,97,92, 57,fe,ca,6a,9c,d6,61,af,45,84,18,24,4e,1d,a6,42,8b,0a,b9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,6d,6e,a8,49,5f, 40,ec,66,ff,7c,85,e0,43,d4,0e,fe,97,4f,62,5a,98,f9,6f,b8,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,fa,be,54,a3,ba, ce,82,76,86,8c,21,01,be,91,eb,e7,d7,a6,8e,36,80,e2,17,bd,86,8c,21,01,be,91,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c8,40,86,e9,ff,\
  65,c7,14,f5,1d,4d,73,a8,13,5c,05,de,ff,ac,58,62,0d,6b,c1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ea,fa,3d,5d,e3,\
  26,7a,ba,df,20,58,62,78,6b,cf,c8,24,1c,f4,5f,3e,28,5f,06,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,38,b9,8a,ea,e2,\
  f9,c2,df,fb,a7,78,e6,12,2f,9a,ea,ab,3b,69,b1,af,87,ef,ab,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,26,ed,88,46,\
  02,7b,46,01,3a,48,fc,e8,04,4a,f1,8b,2b,53,99,b3,35,46,ba,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d9,76,1c,69,76,\
  94,1f,f6,f6,0f,4e,58,98,5b,89,c9,43,4d,39,5c,e3,73,01,48,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,12,5e,c9,77,5e,\
  2f,e1,16,3d,ce,ea,26,2d,45,aa,78,58,1e,43,0d,64,0f,f7,f1,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,43,37,98,ec,4d,\
  a2,7a,f9,2a,b7,cc,b5,b9,7f,41,e7,67,0e,6f,46,9c,8e,6d,36,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d4,c1,b2,35,60,\
  c5,1b,74,6c,43,2d,1e,aa,22,2f,9c,e3,d8,c3,62,9c,f1,d1,f2,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs loaded in active processes ---------------------

- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other active processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
End time: ~,10time:~,-3 machine was rebooted Combobatch-by
ComboFix-quarantined-files.txt 2009-04-14 17:06

Before CF: 9,161,535,488 bytes free
After CF: 9,207,709,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
363 --- E O F --- 2009-03-28 18:18

Happy reading!
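The locked registry keys in the ComboFix log above are all CLSID\{...}\InprocServer32 entries. The default value of such a key names the DLL that COM loads whenever the class is instantiated, so the thing a reviewer actually checks in that section is whether any of those DLLs lives outside a protected directory (COM hijacking persists exactly that way). The following is an added example, not ComboFix's or the forum's code, that parses entries in the .reg layout ComboFix prints and flags the ones worth a closer look. Assumptions: the TRUSTED_PREFIXES list is a reviewer's choice for a default XP install, and the third entry in SAMPLE_REG (CLSID ending in C0FFEE01, path under the user profile) is constructed to show what a hijacked entry looks like; the two others are copied from the log above.

```python
"""Added example: triage InprocServer32 entries from a .reg-style dump.

The default value (@) of HKLM\\Software\\Classes\\CLSID\\{...}\\InprocServer32
names the DLL COM loads for that class.  ComboFix suffixes locked keys with
'*'; that is recorded as well.  Not ComboFix's own code.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
CLSID_KEY_RE = re.compile(
    r'\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32(?P<locked>\*?)$',
    re.IGNORECASE)
# @="..."  or  "Name"="..."   (hex: values and their continuation lines never match)
STR_VALUE_RE = re.compile(r'^(?P<name>@|"[^"]+")="(?P<val>(?:[^"\\]|\\.)*)"$')

# Directories an in-process COM server normally resolves to on a default XP
# install.  Assumption for this example; tune it per image.
TRUSTED_PREFIXES = (
    'c:\\windows\\system32\\',
    'c:\\program files\\',
)


@dataclass
class InprocEntry:
    clsid: str
    locked: bool
    server_path: str = ''
    threading_model: str = ''


def _unescape(val):
    # .reg strings write a backslash as \\ and a quote as \"
    return val.replace('\\\\', '\\').replace('\\"', '"')


def parse_inproc_entries(reg_text):
    """Return one InprocEntry per CLSID\\{...}\\InprocServer32 key in the dump."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = None  # a new key starts; only InprocServer32 keys are tracked
            cm = CLSID_KEY_RE.search(km.group('key'))
            if cm:
                current = InprocEntry(clsid=cm.group('clsid').upper(),
                                      locked=cm.group('locked') == '*')
                entries.append(current)
            continue
        if current is None:
            continue
        vm = STR_VALUE_RE.match(line)
        if not vm:
            continue  # hex:... payloads and their "  xx,yy,\" continuation lines
        name, val = vm.group('name'), _unescape(vm.group('val'))
        if name == '@':
            current.server_path = val
        elif name == '"ThreadingModel"':
            current.threading_model = val
    return entries


def is_suspicious(entry):
    """True when the server DLL is missing or outside the trusted directories."""
    path = entry.server_path.lower()
    return not path or not path.startswith(TRUSTED_PREFIXES)


def triage(reg_text):
    """Map CLSID -> (server_path, locked, suspicious) for a quick review."""
    return {e.clsid: (e.server_path, e.locked, is_suspicious(e))
            for e in parse_inproc_entries(reg_text)}


# Two entries copied from the ComboFix log above (hex payload kept as ComboFix
# prints it, with the trailing "\" continuation), plus one CONSTRUCTED entry
# whose DLL sits in the user profile: the shape of a hijacked InprocServer32.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c8,40,86,e9,ff,\
  65,c7,14,f5,1d,4d,73,a8,13,5c,05,de,ff,ac,58,62,0d,6b,c1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-0000C0FFEE01}\InprocServer32]
"ThreadingModel"="Apartment"
@="C:\\Documents and Settings\\BRICE\\Application Data\\upd\\upd.dll"
'''

if __name__ == '__main__':
    for clsid, (path, locked, bad) in triage(SAMPLE_REG).items():
        print(f"{'SUSPECT' if bad else 'ok     '} locked={locked!s:5} {clsid} -> {path}")
```

Every locked entry in the log above resolves to OLE32.DLL in system32, so nothing from the real log is flagged; only the constructed profile-path entry is. The check is deliberately about location, not file name: a DLL named like a system component but stored under the user profile is still the hijack case.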
win32 cryptor virus [resolved]
fleafly replied to a topic by fleafly in Malware analysis and removal
It's getting complicated... The MBAM installation first failed during finalization, then, after uninstalling and many attempts, it fails during file extraction. Impossible to install this software... What can I do?
win32 cryptor virus [resolved]
fleafly replied to a topic by fleafly in Malware analysis and removal
Thank you very much for the speed of your reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:18, on 13/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\BRICE\Mes documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_2_0.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUplo...geUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

-- End of file - 7779 bytes

I'll wait for what comes next...
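When a helper reads a HijackThis log like the one in the post above, the first pass is mechanical: pick out entries whose file is gone ("(no file)" / "(file missing)", i.e. dangling registry references), list which hosts served the O16 downloaded ActiveX controls, and pull the O10 LSP and O20 Winlogon Notify lines, since those load into every socket call or into winlogon respectively. The block below is an added example of that first pass, not HijackThis's or the forum's code. SAMPLE_HJT is a subset of lines copied from the log above; the section-code meanings in the docstring are HJT's documented ones, and nothing else is assumed.

```python
"""Added example: first-pass triage of a HijackThis log (not HJT's own code).

HJT prints one loading point per line, prefixed with a section code:
R0/R1/R3 = IE start/search pages and URLSearchHooks, O2 = BHO, O3 = toolbar,
O4 = Run keys, O10 = Winsock LSP, O16 = ActiveX controls IE downloaded (DPF),
O20 = Winlogon Notify DLLs, O23 = services.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

HJT_LINE_RE = re.compile(r'^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$')
# HJT's wording when the registry still points at a file that no longer exists
ORPHAN_MARKERS = ('(no file)', '(file missing)')


def parse_hjt(text):
    """Yield (section code, body) for every HJT entry line; skip header/process lines."""
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            yield m.group('code'), m.group('body')


def dpf_source(body):
    """Host that served an O16 control, or '(local)' when HJT shows a file path."""
    target = body.rsplit(' - ', 1)[-1]
    return urlparse(target).netloc if target.lower().startswith('http') else '(local)'


def triage_hjt(text):
    """Group the entries a reviewer checks first, keyed by why they matter."""
    findings = defaultdict(list)
    for code, body in parse_hjt(text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings['orphaned'].append(f'{code} - {body}')
        if code == 'O16':
            findings['activex_hosts'].append(dpf_source(body))   # who served the .cab
        elif code == 'O10':
            findings['lsp'].append(body)                          # loaded into every Winsock user
        elif code == 'O20':
            findings['winlogon_notify'].append(body)              # loaded by winlogon at logon
    return dict(findings)


# Lines copied from the HijackThis log above (a subset, in the same order).
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

if __name__ == '__main__':
    for category, items in triage_hjt(SAMPLE_HJT).items():
        print(category)
        for item in items:
            print('   ', item)
```

Orphaned entries are leftovers from uninstalled software and are harmless in themselves; HJT can fix them, but they are worth noting because malware also leaves dangling references behind after a partial clean. An O10 line only means the DLL is not on HJT's whitelist, so check the file on disk (publisher, signature, location) before removing an LSP; removing the wrong one breaks networking, which matters on a machine whose connection is already dropping.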
Hello everyone, after an accidental deactivation of my antivirus (AVG), my computer is infected with the win32 cryptor virus (detected by that same AVG). For a few days now, my internet connection only lasts a few minutes before crashing, and System Restore is impossible. On top of that, I get many crashes at startup. What can I do to get rid of this virus and get a working computer back? I don't have much computer knowledge, so your help will be precious. Thanks in advance!