
libouner

Everything posted by libouner

  1. And here is the ToolBar S&D removal report:
     ToolBar S&D 1.2.9 XP/Vista
  2. Here is the ToolBar S&D search report:
     ToolBar S&D 1.2.9 XP/Vista
  3. Here is the AD-Remover clean report:
     Logfile of AD-Remover 1.0.7.7 by C_XX
  4. Here is the AD-Remover option A report:
     Logfile of AD-Remover 1.0.7.7 by C_XX
  5. I can't find Application Data in c:/. Is that normal??
  6. Hi, here is the report of a friend who didn't manage to register. Please look at it and tell me whether there is a problem. The scan was done once with ComboFix, which I then uninstalled for him. Thanks in advance on his behalf, see you soon. Here is the report:
     ComboFix 09-10-01.05 - BENJI 02/10/2009 21:39.1.1 - NTFSx86
  7. Hello, first of all thank you for your quick reply. Well, I have deleted ComboFix, but I can't find "Delete the Eorezo, Eoweather, Eost, Eoengine, Eonet etc. folders and files in Program Files\ and Documents and Settings\your login\Application Data\". What do you mean by login? I searched and I can't find Application Data!! Well, for the rest I will read everything carefully and calmly do what you tell me so as not to make mistakes, because it's a bit complicated; I'm a real novice in this area, but I'm here to learn. I just wanted to know if we could be on first-name terms. Thanks, I'll keep you posted on my actions as I go, or if I have a problem. Thanks again.
  8. Hi everyone, as I've seen in several threads that there are people who seem very good at reading reports, I'm posting mine. It's a ComboFix report; could you analyse it for me (when you have the time, of course) and tell me whether everything is fine? Thank you in advance, and congratulations on your replies and your commitment to helping novices like me. See you soon. LIBOUNER Here is my report:
ComboFix 09-09-30.06 - sebastien 01/10/2009 18:17.1.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.533 [GMT 2:00] Lancé depuis: c:\documents and settings\sebastien.LIBERT-73A07827\Mes documents\ComboFix.exe AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: avast! antivirus 4.8.1351 [VPS 090930-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ADS - WINDOWS: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy.exe c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy_nav.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy_navps.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\uaqiqey.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\uaqiqey_navps.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav_nav.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav_navps.dat c:\recycler\S-1-5-21-1801674531-115176313-839522115-1004 c:\recycler\S-1-5-21-1801674531-115176313-839522115-1005 c:\recycler\S-1-5-21-2161966061-1894432407-327850265-1005 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1004 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1005 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1006 c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_004091_.tmp.dll c:\windows\system32\_004092_.tmp.dll c:\windows\system32\_004093_.tmp.dll c:\windows\system32\_004094_.tmp.dll c:\windows\system32\_004101_.tmp.dll c:\windows\system32\_004102_.tmp.dll c:\windows\system32\_004103_.tmp.dll c:\windows\system32\_004104_.tmp.dll c:\windows\system32\_004106_.tmp.dll c:\windows\system32\_004107_.tmp.dll c:\windows\system32\_004110_.tmp.dll c:\windows\system32\_004111_.tmp.dll c:\windows\system32\_004113_.tmp.dll c:\windows\system32\_004114_.tmp.dll c:\windows\system32\_004115_.tmp.dll c:\windows\system32\_004116_.tmp.dll c:\windows\system32\_004117_.tmp.dll c:\windows\system32\_004120_.tmp.dll c:\windows\system32\_004121_.tmp.dll c:\windows\system32\_004125_.tmp.dll c:\windows\system32\_004126_.tmp.dll 
c:\windows\system32\_004128_.tmp.dll c:\windows\system32\_004131_.tmp.dll c:\windows\system32\_004133_.tmp.dll c:\windows\system32\_004134_.tmp.dll c:\windows\system32\_004135_.tmp.dll c:\windows\system32\_004136_.tmp.dll c:\windows\system32\_004137_.tmp.dll c:\windows\system32\_004140_.tmp.dll c:\windows\system32\_004141_.tmp.dll c:\windows\system32\_004142_.tmp.dll c:\windows\system32\_004143_.tmp.dll c:\windows\system32\_004144_.tmp.dll c:\windows\system32\_004149_.tmp.dll c:\windows\system32\_004151_.tmp.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-01 au 2009-10-01 )))))))))))))))))))))))))))))))))))) . 2009-09-29 17:00 . 2009-09-29 17:00 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\MSNInstaller 2009-09-25 17:18 . 2009-09-25 17:18 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Local Settings\Application Data\Ahead 2009-09-15 16:59 . 2009-09-15 16:59 -------- d-----w- c:\documents and settings\ugo.LIBERT-73A07827\Application Data\Template 2009-09-15 16:26 . 2009-09-15 16:27 -------- d-----w- c:\program files\Tracker Software 2009-09-14 16:44 . 2009-09-14 17:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\AVP 2009 2009-09-14 15:32 . 2009-09-22 13:46 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Template 2009-09-09 15:45 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-03 17:53 . 2009-09-03 18:03 -------- d-----w- c:\program files\adslTV 2009-09-03 17:19 . 2009-09-03 17:19 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-03 17:18 . 2009-09-03 17:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-09-03 17:18 . 2009-09-03 17:18 -------- d-----w- c:\program files\Tiscali 2009-09-03 17:18 . 2009-09-19 14:33 -------- d-----w- c:\program files\7-Zip 2009-09-03 17:18 . 
2009-09-03 17:18 -------- d-----w- c:\program files\Telecom Italia France 2009-09-02 16:37 . 2009-09-30 18:56 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-25 17:09 . 2009-08-02 09:16 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\vlc 2009-09-03 17:18 . 2009-08-28 18:43 -------- d-----w- c:\documents and settings\nathalie.LIBERT-73A07827\Application Data\vlc 2009-09-03 17:18 . 2009-08-29 19:17 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\EoRezo 2009-09-03 17:18 . 2008-08-18 20:06 -------- d-----w- c:\program files\GameSpy Arcade 2009-08-28 15:17 . 2009-08-28 15:17 -------- d-----w- c:\program files\Orange 2009-08-20 12:28 . 2008-08-18 19:10 -------- d-----w- c:\program files\PANZERS - Phase1 2009-08-19 16:22 . 2009-08-19 16:22 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\EPSON 2009-08-17 16:10 . 2009-07-31 20:50 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-07-31 20:50 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-07-31 20:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-07-31 20:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-07-31 20:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-07-31 20:50 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-07-31 20:50 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-07-31 20:50 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-07-31 20:50 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-05 09:25 . 
2009-08-05 09:25 25432 ----a-w- c:\documents and settings\nathalie.LIBERT-73A07827\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:00 . 2004-08-19 20:02 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 08:54 . 2009-08-05 08:54 -------- d-----w- c:\documents and settings\nathalie.LIBERT-73A07827\Application Data\Template 2009-08-04 20:00 . 2008-08-24 18:44 -------- d-----w- c:\program files\Vuze 2009-08-04 20:00 . 2009-08-04 19:46 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Azureus 2009-08-04 19:46 . 2009-08-04 19:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Azureus 2009-08-04 19:38 . 2008-08-24 18:45 -------- d-----w- c:\program files\AskSBar 2009-08-04 19:38 . 2009-01-13 17:42 -------- d-----w- c:\program files\MySoftware 2009-08-04 19:36 . 2009-08-04 19:36 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\MyLogoMaker 2009-08-04 19:36 . 2009-07-31 17:50 25432 ----a-w- c:\documents and settings\sebastien.LIBERT-73A07827\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-04 00:04 . 2009-08-04 00:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion 2009-08-03 23:58 . 2007-12-30 09:51 -------- d-----w- c:\program files\Ahead 2009-08-03 23:58 . 2009-08-03 23:57 -------- d-----w- c:\program files\Yahoo! 2009-08-02 09:54 . 2004-08-19 20:03 367658 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-02 09:54 . 2004-08-19 20:03 48616 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-31 17:59 . 2009-07-31 17:59 80090 ----a-w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\SMBIOSSP.exe 2009-07-31 15:41 . 2009-07-31 15:41 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-18 16:03 . 2009-07-18 16:03 3090432 ------w- c:\windows\system32\SET132E.tmp 2009-07-18 16:03 . 2009-07-18 16:03 1510400 ------w- c:\windows\system32\SET132D.tmp 2009-07-17 19:03 . 
2004-08-19 19:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-19 20:11 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2008-09-15 19:27 . 2008-09-15 19:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-12 122939] "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104] "VX3000"="c:\windows\vVX3000.exe" [2006-06-29 707376] "EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "OPTENET_GUI"="c:\progra~1\CONTRO~1\bin\optgui.exe" [2008-05-06 424608] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-31 122368] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "EPSON Stylus DX4800 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\nathalie.FAMILLE-LIBERT\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\sebastien\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\sebastien.FAMILLE-LIBERT\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Documents and Settings\\sebastien.LIBERT-73A07827\\Bureau\\adsltv.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/07/2009 22:50 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/07/2009 22:50 20560] R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [31/07/2009 22:16 649168] . . ------- Examen supplémentaire ------- . 
uStart Page = www.orange.fr uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\program files\Controle Parental\bin\lsp.dll . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-RegistryDoktorFrNET - c:\program files\Registry_Doktor 4.1\RegistryDoktor.exe HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe HKLM-Run-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-01 18:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2009-10-01 18:29 ComboFix-quarantined-files.txt 2009-10-01 16:29 Avant-CF: 128 113 176 576 octets libres Après-CF: 129 302 781 952 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 223
  9. Hi, so if I understand correctly, do I need to start a new thread, or can I continue here?? Thanks
  10. Hi pear, as I've seen in several threads that you seem very good at reading reports, I'm posting mine. It's a ComboFix report; could you analyse it for me (when you have the time, of course) and tell me whether everything is fine? Thank you in advance, and congratulations on your replies and your commitment to helping novices like me. See you soon. LIBOUNER Here is my report:
ComboFix 09-09-30.06 - sebastien 01/10/2009 18:17.1.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.533 [GMT 2:00] Lancé depuis: c:\documents and settings\sebastien.LIBERT-73A07827\Mes documents\ComboFix.exe AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: avast! antivirus 4.8.1351 [VPS 090930-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ADS - WINDOWS: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy.exe c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy_nav.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\kecgoyy_navps.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\uaqiqey.dat c:\documents and settings\sebastien.FAMILLE-LIBERT\Local Settings\Application Data\uaqiqey_navps.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav_nav.dat c:\documents and settings\sebastien\Local Settings\Application Data\rknbav_navps.dat c:\recycler\S-1-5-21-1801674531-115176313-839522115-1004 c:\recycler\S-1-5-21-1801674531-115176313-839522115-1005 c:\recycler\S-1-5-21-2161966061-1894432407-327850265-1005 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1004 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1005 c:\recycler\S-1-5-21-484763869-1482476501-839522115-1006 c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_004091_.tmp.dll c:\windows\system32\_004092_.tmp.dll c:\windows\system32\_004093_.tmp.dll c:\windows\system32\_004094_.tmp.dll c:\windows\system32\_004101_.tmp.dll c:\windows\system32\_004102_.tmp.dll c:\windows\system32\_004103_.tmp.dll c:\windows\system32\_004104_.tmp.dll c:\windows\system32\_004106_.tmp.dll c:\windows\system32\_004107_.tmp.dll c:\windows\system32\_004110_.tmp.dll c:\windows\system32\_004111_.tmp.dll c:\windows\system32\_004113_.tmp.dll c:\windows\system32\_004114_.tmp.dll c:\windows\system32\_004115_.tmp.dll c:\windows\system32\_004116_.tmp.dll c:\windows\system32\_004117_.tmp.dll c:\windows\system32\_004120_.tmp.dll c:\windows\system32\_004121_.tmp.dll c:\windows\system32\_004125_.tmp.dll c:\windows\system32\_004126_.tmp.dll 
c:\windows\system32\_004128_.tmp.dll c:\windows\system32\_004131_.tmp.dll c:\windows\system32\_004133_.tmp.dll c:\windows\system32\_004134_.tmp.dll c:\windows\system32\_004135_.tmp.dll c:\windows\system32\_004136_.tmp.dll c:\windows\system32\_004137_.tmp.dll c:\windows\system32\_004140_.tmp.dll c:\windows\system32\_004141_.tmp.dll c:\windows\system32\_004142_.tmp.dll c:\windows\system32\_004143_.tmp.dll c:\windows\system32\_004144_.tmp.dll c:\windows\system32\_004149_.tmp.dll c:\windows\system32\_004151_.tmp.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-01 au 2009-10-01 )))))))))))))))))))))))))))))))))))) . 2009-09-29 17:00 . 2009-09-29 17:00 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\MSNInstaller 2009-09-25 17:18 . 2009-09-25 17:18 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Local Settings\Application Data\Ahead 2009-09-15 16:59 . 2009-09-15 16:59 -------- d-----w- c:\documents and settings\ugo.LIBERT-73A07827\Application Data\Template 2009-09-15 16:26 . 2009-09-15 16:27 -------- d-----w- c:\program files\Tracker Software 2009-09-14 16:44 . 2009-09-14 17:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\AVP 2009 2009-09-14 15:32 . 2009-09-22 13:46 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Template 2009-09-09 15:45 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-03 17:53 . 2009-09-03 18:03 -------- d-----w- c:\program files\adslTV 2009-09-03 17:19 . 2009-09-03 17:19 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-03 17:18 . 2009-09-03 17:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-09-03 17:18 . 2009-09-03 17:18 -------- d-----w- c:\program files\Tiscali 2009-09-03 17:18 . 2009-09-19 14:33 -------- d-----w- c:\program files\7-Zip 2009-09-03 17:18 . 
2009-09-03 17:18 -------- d-----w- c:\program files\Telecom Italia France 2009-09-02 16:37 . 2009-09-30 18:56 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-25 17:09 . 2009-08-02 09:16 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\vlc 2009-09-03 17:18 . 2009-08-28 18:43 -------- d-----w- c:\documents and settings\nathalie.LIBERT-73A07827\Application Data\vlc 2009-09-03 17:18 . 2009-08-29 19:17 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\EoRezo 2009-09-03 17:18 . 2008-08-18 20:06 -------- d-----w- c:\program files\GameSpy Arcade 2009-08-28 15:17 . 2009-08-28 15:17 -------- d-----w- c:\program files\Orange 2009-08-20 12:28 . 2008-08-18 19:10 -------- d-----w- c:\program files\PANZERS - Phase1 2009-08-19 16:22 . 2009-08-19 16:22 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\EPSON 2009-08-17 16:10 . 2009-07-31 20:50 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-07-31 20:50 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-07-31 20:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-07-31 20:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-07-31 20:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-07-31 20:50 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-07-31 20:50 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-07-31 20:50 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-07-31 20:50 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-05 09:25 . 
2009-08-05 09:25 25432 ----a-w- c:\documents and settings\nathalie.LIBERT-73A07827\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:00 . 2004-08-19 20:02 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 08:54 . 2009-08-05 08:54 -------- d-----w- c:\documents and settings\nathalie.LIBERT-73A07827\Application Data\Template 2009-08-04 20:00 . 2008-08-24 18:44 -------- d-----w- c:\program files\Vuze 2009-08-04 20:00 . 2009-08-04 19:46 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\Azureus 2009-08-04 19:46 . 2009-08-04 19:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Azureus 2009-08-04 19:38 . 2008-08-24 18:45 -------- d-----w- c:\program files\AskSBar 2009-08-04 19:38 . 2009-01-13 17:42 -------- d-----w- c:\program files\MySoftware 2009-08-04 19:36 . 2009-08-04 19:36 -------- d-----w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\MyLogoMaker 2009-08-04 19:36 . 2009-07-31 17:50 25432 ----a-w- c:\documents and settings\sebastien.LIBERT-73A07827\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-04 00:04 . 2009-08-04 00:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion 2009-08-03 23:58 . 2007-12-30 09:51 -------- d-----w- c:\program files\Ahead 2009-08-03 23:58 . 2009-08-03 23:57 -------- d-----w- c:\program files\Yahoo! 2009-08-02 09:54 . 2004-08-19 20:03 367658 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-02 09:54 . 2004-08-19 20:03 48616 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-31 17:59 . 2009-07-31 17:59 80090 ----a-w- c:\documents and settings\sebastien.LIBERT-73A07827\Application Data\SMBIOSSP.exe 2009-07-31 15:41 . 2009-07-31 15:41 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-18 16:03 . 2009-07-18 16:03 3090432 ------w- c:\windows\system32\SET132E.tmp 2009-07-18 16:03 . 2009-07-18 16:03 1510400 ------w- c:\windows\system32\SET132D.tmp 2009-07-17 19:03 . 
2004-08-19 19:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-19 20:11 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2008-09-15 19:27 . 2008-09-15 19:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-12 122939] "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104] "VX3000"="c:\windows\vVX3000.exe" [2006-06-29 707376] "EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "OPTENET_GUI"="c:\progra~1\CONTRO~1\bin\optgui.exe" [2008-05-06 424608] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-31 122368] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "EPSON Stylus DX4800 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\nathalie.FAMILLE-LIBERT\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\sebastien\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\sebastien.FAMILLE-LIBERT\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Documents and Settings\\sebastien.LIBERT-73A07827\\Bureau\\adsltv.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/07/2009 22:50 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/07/2009 22:50 20560] R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [31/07/2009 22:16 649168] . . ------- Examen supplémentaire ------- . 
uStart Page = www.orange.fr uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\program files\Controle Parental\bin\lsp.dll . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-RegistryDoktorFrNET - c:\program files\Registry_Doktor 4.1\RegistryDoktor.exe HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe HKLM-Run-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-01 18:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2009-10-01 18:29 ComboFix-quarantined-files.txt 2009-10-01 16:29 Avant-CF: 128 113 176 576 octets libres Après-CF: 129 302 781 952 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 223