

Everything posted by eric2010
-
Hello, here is the ComboFix log from the laptop:
ComboFix 10-01-03.05 - sandrine 04/01/2010 14:21:41.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1347 [GMT 1:00] Lancé depuis: c:\users\sandrine\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\KBL.LOG . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 )))))))))))))))))))))))))))))))))))) . 2010-01-04 13:28 . 2010-01-04 13:28 -------- d-----w- c:\users\sandrine\AppData\Local\temp 2010-01-04 13:28 . 2010-01-04 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-01-04 11:27 . 2010-01-04 11:27 -------- d-----w- c:\users\sandrine\AppData\Local\Symantec_Corporation 2010-01-04 10:56 . 2007-03-28 19:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys 2010-01-04 10:56 . 2007-03-28 19:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys 2010-01-04 10:56 . 2007-03-28 19:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys 2010-01-04 10:56 . 2007-03-28 19:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys 2010-01-04 10:55 . 2010-01-04 13:03 -------- d-----w- c:\program files\Norton Ghost 2009-12-29 16:09 . 2009-12-29 16:09 -------- d-sh--we c:\windows\system32\config\systemprofile\Voisinage réseau 2009-12-29 16:09 . 2009-12-29 16:09 -------- d-sh--we c:\windows\system32\config\systemprofile\Voisinage d'impression 2009-12-29 16:09 . 2009-12-29 16:09 -------- d-sh--we c:\windows\system32\config\systemprofile\Modèles 2009-12-29 16:09 . 
2009-12-29 16:09 -------- d-sh--we c:\windows\system32\config\systemprofile\Menu Démarrer 2009-12-29 16:09 . 2009-12-29 16:09 -------- d-sh--we c:\windows\system32\config\systemprofile\Mes documents 2009-12-21 14:19 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-21 14:19 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-21 12:37 . 2009-12-21 12:37 -------- d-----w- c:\programdata\Avira 2009-12-21 12:37 . 2009-12-21 12:37 -------- d-----w- c:\program files\Avira 2009-12-19 19:39 . 2009-12-21 15:22 -------- d-----w- c:\program files\Ad-Remover 2009-12-19 18:56 . 2009-12-21 15:36 -------- d-----w- c:\program files\ZHPDiag 2009-12-19 14:43 . 2010-01-04 13:03 -------- dc----w- c:\windows\system32\DRVSTORE 2009-12-19 14:35 . 2009-12-20 13:33 -------- d-----w- c:\programdata\Lavasoft 2009-12-19 13:44 . 2009-12-21 14:12 -------- d-----w- c:\program files\Navilog1 2009-12-19 12:48 . 2009-12-19 12:48 -------- d-----w- c:\program files\EMCO 2009-12-18 21:33 . 2009-12-18 21:34 -------- d-----w- c:\programdata\AOL 2009-12-18 19:56 . 2009-12-20 13:30 -------- d-----w- c:\program files\Alwil Software 2009-12-18 19:30 . 2009-12-18 19:30 -------- d-----w- c:\users\sandrine\AppData\Roaming\Malwarebytes 2009-12-18 19:30 . 2009-12-18 19:30 -------- d-----w- c:\programdata\Malwarebytes 2009-12-18 13:58 . 2009-12-18 14:04 -------- d-----w- c:\program files\Microsoft Silverlight 2009-12-18 13:57 . 2009-12-18 13:57 -------- d-----w- c:\program files\Microsoft 2009-12-18 12:54 . 2009-12-21 14:12 -------- d-----w- c:\program files\CCleaner 2009-12-18 12:45 . 2009-12-18 12:45 -------- d-----w- c:\program files\Trend Micro 2009-12-18 12:36 . 2009-12-21 14:14 -------- d-----w- c:\program files\Windows Portable Devices 2009-12-18 12:29 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-12-18 12:26 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2009-12-18 10:55 . 
2009-12-21 14:14 -------- d-----w- c:\windows\system32\vi-VN 2009-12-18 10:55 . 2009-12-21 14:14 -------- d-----w- c:\windows\system32\eu-ES 2009-12-18 10:55 . 2009-12-21 14:14 -------- d-----w- c:\windows\system32\ca-ES 2009-12-18 10:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-12-18 10:28 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll 2009-12-18 10:23 . 2009-04-11 06:28 679936 ----a-w- c:\windows\system32\msvcrt.dll 2009-12-18 09:35 . 2009-12-18 09:35 -------- d-----w- c:\windows\system32\EventProviders 2009-12-18 09:19 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2009-12-18 08:58 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-12-18 08:51 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-18 08:51 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-18 08:51 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-17 12:12 . 2009-04-11 06:28 199680 ----a-w- c:\windows\system32\WebClnt.dll 2009-12-17 12:11 . 2009-04-11 06:28 19968 ----a-w- c:\windows\system32\winrnr.dll 2009-12-17 11:43 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-17 11:42 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-17 11:42 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-17 11:42 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-12-17 11:42 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-12-17 11:42 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-12-17 11:42 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-12-17 11:42 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-17 11:42 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-12-17 11:42 . 
2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-12-17 11:35 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-12-17 10:35 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-12-17 10:35 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-12-17 10:35 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-12-17 10:35 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-12-17 10:34 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-12-17 10:34 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-12-17 10:34 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-12-17 10:34 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-12-17 10:34 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-04 13:09 . 2007-11-27 06:50 672182 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-04 13:09 . 2007-11-27 06:50 124770 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-04 13:03 . 2007-11-26 22:19 -------- d-----w- c:\programdata\Symantec 2010-01-04 13:03 . 2007-11-26 22:19 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-04 11:27 . 2008-09-08 00:25 -------- d-----w- c:\users\sandrine\AppData\Roaming\Symantec 2010-01-04 10:55 . 2007-11-26 22:20 -------- d-----w- c:\program files\Symantec 2010-01-04 09:32 . 2008-09-08 06:48 3198 ----a-w- c:\users\sandrine\AppData\Roaming\wklnhst.dat 2009-12-29 16:12 . 2007-11-26 22:17 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-29 16:12 . 2007-11-27 00:04 -------- d-----w- c:\program files\CyberLink 2009-12-29 16:11 . 2007-11-27 00:30 -------- d-----w- c:\program files\Java 2009-12-29 15:38 . 
2008-09-08 00:25 73048 ----a-w- c:\users\sandrine\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-21 16:01 . 2008-12-08 14:32 28124 ----a-w- c:\programdata\nvModes.dat 2009-12-21 14:56 . 2008-12-08 14:18 -------- d-----w- c:\users\sandrine\AppData\Roaming\GTek 2009-12-21 14:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-12-21 14:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-20 19:09 . 2009-09-02 10:34 8268 ----a-w- c:\users\sandrine\AppData\Local\d3d9caps.dat 2009-12-19 12:59 . 2008-01-10 23:53 -------- d-----w- c:\programdata\NVIDIA 2009-12-18 19:17 . 2009-06-30 16:07 -------- d-----w- c:\users\sandrine\AppData\Roaming\LimeWire 2009-12-18 12:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-18 12:36 . 2009-12-18 12:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-12-18 12:36 . 2009-12-18 12:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-12-18 10:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-12-18 10:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-12-18 10:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-12-18 10:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-12-18 10:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-12-18 08:59 . 2007-11-26 23:59 -------- d-----w- c:\programdata\Microsoft Help 2009-12-18 08:35 . 2008-11-05 18:26 -------- d-----w- c:\program files\Pack Securite 2009-12-18 08:30 . 2008-11-05 18:27 -------- d-----w- c:\programdata\F-Secure 2009-11-21 06:40 . 2009-12-18 09:20 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-18 09:20 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-18 09:20 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 
2009-12-18 09:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-10-08 21:08 . 2009-12-18 12:29 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-12-18 12:29 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-12-18 12:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-07 11:36 . 2009-12-17 11:41 243712 ----a-w- c:\windows\system32\rastls.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^sandrine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk] path=c:\users\sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2008-10-17 14:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2007-10-01 15:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-02-27 03:48 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] 2007-09-04 12:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-09-19 13:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-09-30 18:34 181544 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-08-17 13:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program 
files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-12-22 15:45 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-08-16 22:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] 2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):8c,b7,67,b4,d1,7f,ca,01 R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081104.005\IDSvix86.sys [05/11/2008 02:44 270384] R2 
{22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\Hp\QuickPlay\000.fcl [11/01/2008 00:40 39408] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/12/2009 15:19 108289] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [31/10/2008 20:47 149352] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [08/10/2008 22:55 21504] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 13:26 7168] S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [13/06/2008 13:13 41008] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [11/05/2009 19:48 110080] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [11/05/2009 19:48 104960] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{3BF0EBA0-C0FC-48D4-91D4-7D1ABFFE3B54}.job - c:\windows\system32\msfeedssync.exe [2009-12-18 04:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop . 
- - - - ORPHELINS SUPPRIMES - - - - Toolbar-Locked - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-CardDetectorICON225 - c:\program files\CardDetector\ICON225\CardDetector.exe MSConfigStartUp-kyaqeme - c:\users\sandrine\appdata\local\kyaqeme.exe MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-04 14:28 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}] "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Heure de fin: 2010-01-04 14:30:13 ComboFix-quarantined-files.txt 2010-01-04 13:30 Avant-CF: 81 838 333 952 octets libres Après-CF: 81 789 796 352 octets libres - - End Of File - - B45526D86AA116C65892533EE18CB329
Thanks in advance for the help
-
Hello, I have two somewhat temperamental computers: a laptop that no longer connects to the internet and freezes all the time, and a heavily used desktop PC, not very recent, that I am very attached to. If anyone knows about this, I would like help analysing the logs (ComboFix to start with). Here is the one for the desktop PC (the laptop's log will be posted in another thread to avoid confusion):
ComboFix 10-01-03.05 - eric 04/01/2010 14:39:11.4.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.606 [GMT 1:00] Lancé depuis: c:\documents and settings\eric\Bureau\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\LOG.TXT C:\Thumbs.db c:\windows\patch.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 )))))))))))))))))))))))))))))))))))) . 2010-01-04 13:18 . 2010-01-04 13:18 401408 ----a-w- c:\windows\system32\CF24658.exe 2010-01-04 12:28 . 2010-01-04 12:34 -------- d-----w- c:\program files\RealArcade 2010-01-03 14:24 . 2010-01-03 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Frenzy 2010-01-03 14:24 . 2010-01-03 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper 2010-01-03 14:23 . 2010-01-04 11:11 -------- d-----w- c:\program files\Alawar 2009-12-30 15:01 . 2009-12-30 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3 2009-12-29 16:55 . 2009-12-29 16:57 -------- d-----w- c:\program files\Parking Dash 2009-12-28 22:37 . 
2009-12-30 21:34 -------- d-----w- c:\windows\Downloaded Program Files 2009-12-28 22:37 . 2009-12-28 22:37 -------- d-----w- c:\documents and settings\eric\Application Data\SpinTop 2009-12-23 21:54 . 2009-12-23 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BOONTY 2009-12-23 21:54 . 2009-12-23 21:54 -------- d-----w- c:\program files\Fichiers communs\BOONTY Shared 2009-12-23 21:50 . 2009-12-23 23:00 -------- d-----w- c:\program files\BoontyGames 2009-12-23 21:50 . 2009-12-23 21:50 -------- d-----w- c:\program files\Boonty 2009-12-23 17:30 . 2009-01-16 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty 2009-12-19 16:20 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-12-19 16:19 . 2009-12-19 16:19 -------- d-----w- c:\program files\Panda Security 2009-12-13 21:31 . 2009-12-13 21:31 -------- d-----w- c:\program files\Burger Shop 2 2009-12-13 10:47 . 2009-12-13 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games 2009-12-13 10:09 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll 2009-12-13 10:04 . 2009-12-13 10:04 -------- d-----w- c:\windows\Logs . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-04 13:53 . 2008-11-07 10:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-04 10:58 . 2008-12-22 16:23 -------- d-----w- c:\program files\Zylom Games 2010-01-04 08:51 . 2009-10-04 16:22 -------- d-----w- c:\program files\LogMeIn 2009-12-24 08:44 . 2009-11-24 10:50 -------- d-----w- c:\program files\Glary Utilities 2009-12-23 17:30 . 2008-12-22 16:23 -------- d-----w- c:\documents and settings\eric\Application Data\Zylom 2009-12-23 11:06 . 2008-12-05 19:52 -------- d-----w- c:\program files\FindyKill 2009-12-22 22:26 . 
2007-10-03 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-22 10:29 . 2009-11-24 12:46 -------- d-----w- c:\program files\TuneUp Utilities 2010 2009-12-09 10:34 . 2001-08-28 12:00 606988 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-09 10:34 . 2001-08-28 12:00 128530 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-09 08:53 . 2007-10-10 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-12-02 20:47 . 2008-10-10 06:45 81016 ----a-w- c:\documents and settings\eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-01 09:29 . 2007-10-10 08:07 -------- d-----w- c:\program files\Microsoft Works 2009-11-30 13:59 . 2009-11-30 13:59 -------- d-----w- c:\documents and settings\eric\Application Data\Uniblue 2009-11-28 18:19 . 2009-11-28 18:19 3584 ----a-r- c:\documents and settings\eric\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2009-11-28 18:18 . 2009-11-28 18:18 -------- d-----w- c:\program files\Windows Installer Clean Up 2009-11-28 18:18 . 2009-11-28 18:18 -------- d-----w- c:\program files\MSECACHE 2009-11-28 17:31 . 2009-11-28 16:54 -------- d-----w- c:\program files\ISO Recorder 2009-11-24 23:54 . 2007-09-25 12:13 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-09-25 12:13 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-09-25 12:13 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-04-05 08:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-04-05 08:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-09-25 12:13 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-09-25 12:13 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 
2007-09-25 12:13 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-09-25 12:13 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-24 13:00 . 2009-11-24 13:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software 2009-11-24 12:46 . 2009-11-24 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-11-24 12:46 . 2009-11-24 12:46 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2009-11-24 10:56 . 2009-11-24 10:56 -------- d-----w- c:\documents and settings\eric\Application Data\GlarySoft 2009-11-23 21:34 . 2009-11-23 21:34 -------- d-----w- c:\documents and settings\eric\Application Data\ScanSpyware 2009-11-23 21:33 . 2009-11-23 21:33 -------- d-----w- c:\program files\ScanSpyware 2009-11-23 15:50 . 2009-10-19 11:20 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-11-23 06:47 . 2009-11-28 15:49 781864 ----a-w- C:\WindowsXP-KB932716-v2-x86-FRA.exe 2009-11-18 10:46 . 2007-10-03 17:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-17 16:16 . 2009-10-19 11:20 -------- d-----w- c:\program files\PC Tools Firewall Plus 2009-11-17 16:15 . 2009-11-17 16:15 7383 ----a-w- c:\windows\system32\drivers\pctplfw.cat 2009-11-17 16:15 . 2009-10-19 11:20 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2009-11-17 16:15 . 2009-10-19 11:20 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2009-11-17 16:15 . 2009-10-19 11:20 55208 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2009-11-17 16:15 . 2009-11-17 16:15 7435 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.cat 2009-11-17 16:15 . 2009-11-17 16:15 7399 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.cat 2009-11-17 16:15 . 2009-10-19 11:21 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-11-17 16:15 . 
2009-10-19 11:21 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-11-17 16:15 . 2009-10-19 11:21 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-11-17 16:15 . 2009-10-17 13:27 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-11-16 21:18 . 2009-11-16 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-11-13 11:00 . 2009-11-24 12:47 29512 ----a-w- c:\windows\system32\TURegOpt.exe 2009-11-13 10:53 . 2009-11-24 12:47 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2009-11-11 13:11 . 2009-11-11 13:10 -------- d-----w- c:\program files\VisualRoute Lite Edition 2009-10-29 07:42 . 2001-08-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-26 14:53 . 2009-12-13 10:03 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll 2009-10-21 05:39 . 2004-08-19 23:09 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:39 . 2004-08-19 23:09 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys 2009-10-15 19:40 . 2009-10-15 19:27 532 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll 2009-10-13 10:33 . 2001-08-28 12:00 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2001-08-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:39 . 2001-08-28 12:00 150528 ----a-w- c:\windows\system32\rastls.dll 2009-07-28 07:46 . 2009-07-28 07:46 13560 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [7] 2001-08-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys c:\windows\System32\drivers\beep.sys ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-17 2971608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2004-09-21 10:22 73728 ----a-w- c:\windows\system32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"odserv"=3 (0x3)
"IDriverT"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"dmadmin"=3 (0x3)
"EventSystem"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"SQLAgent$PINNACLESYS"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PINNACLESYS"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"PinnacleSys.MediaServer"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\GeneWeb-4.09\\gw\\gwsetup.exe"=
"c:\\Program Files\\GeneWeb-4.09\\gw\\gwd.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/12/2009 17:20 28552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:26 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [19/10/2009 12:21 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 09:26 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 11:41 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [04/10/2009 17:23 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [19/10/2009 12:21 87784]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [13/11/2009 11:57 1021256]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [19/10/2009 12:20 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [19/10/2009 12:20 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [19/10/2009 12:20 55208]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [19/10/2009 12:20 115216]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [16/09/2004 17:00 162304]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-01-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-24 11:09]

2010-01-04 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-13 11:05]

2009-12-02 c:\windows\Tasks\ScanSpyware.job
- c:\program files\ScanSpyware\3.9.1.9\ScanSpyware.exe [2009-11-23 19:10]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{39BD07C4-7B91-4E9F-9938-ACFEA156CA02}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://neufportail.fr/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\hz3jzbpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\hz3jzbpo.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\hz3jzbpo.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 14:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,b8,de,78,2f,8c,0b,47,a8,4f,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,b8,de,78,2f,8c,0b,47,a8,4f,ea,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Heure de fin: 2010-01-04 14:59:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-04 13:59
ComboFix2.txt 2009-11-18 11:03

Avant-CF: 10 120 134 656 octets libres
Après-CF: 10 083 270 656 octets libres

- - End Of File - - 3670839C1AD6A0EC99EF910AD913F89A

Thank you in advance for your valuable help.