
Kitano

Members
  • Content count: 2
Everything posted by Kitano

  1. Thanks for your help! In the meantime, though, with the help of someone qualified in this kind of problem, I managed (apparently) to fix the problem! So I don't know whether the script you posted for me is still relevant to use.
     Topic: Security Essentials 2010 problem solved, and a few trojans removed at the same time
  2. So here it is! I have a problem! Security Essentials 2010 has landed on my PC! I had more or less managed to remove a few things by following advice read here and there, but it wasn't a complete success, since when trying to log on to Facebook or YouTube I got a: "Restricted Site! This web site is restricted based on your security preferences. Your system is infected. Please activate your antivirus software." So I'm asking for your help! Basically I'm just a small-time tinkerer. Here is the ComboFix log. Please help me!

ComboFix 10-02-16.03 - Crépin Arnaud 17/02/2010 18:55:40.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1508 [GMT 1:00]
Launched from: c:\documents and settings\Crépin Arnaud\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-839522115-706699826-725345543-1004
c:\windows\system32\$ncsp$.inf
c:\windows\system32\6334.exe
c:\windows\system32\config\49512522.Evt
c:\windows\system32\helpers32.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\warnings.html
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Service_asc3550p

((((((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 ))))))))))))))))))))))))))))))))))))
.
2010-02-17 17:26 . 2010-02-17 17:27 -------- d-----w- C:\6a03ebb9d161fb26ae0c73
2010-02-17 02:34 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 02:29 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-17 02:29 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-17 02:29 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-17 02:29 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-17 02:29 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-17 02:29 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-17 02:29 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-17 02:29 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-17 02:29 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-17 02:29 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-17 02:28 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-17 02:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-17 02:20 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2010-02-17 02:18 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-16 23:51 . 2010-02-16 23:51 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 23:22 . 2010-02-17 18:03 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-15 14:07 . 2010-02-15 14:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-15 11:23 . 2010-02-15 11:23 -------- d-----w- C:\found.002
2010-01-29 23:41 . 2010-01-29 23:41 -------- d-----w- C:\found.001
2010-01-29 23:10 . 2010-01-29 23:10 -------- d-----w- c:\program files\Ubisoft
2010-01-29 18:33 . 2010-02-15 14:16 -------- d-----w- c:\program files\Free Download Manager
2010-01-27 12:09 . 2010-01-27 12:14 -------- d-----w- c:\windows\system32\SupportAppXL
2010-01-26 21:54 . 2010-01-26 21:54 -------- d-----w- c:\program files\Fichiers communs\Screaming Bee
2010-01-26 21:53 . 2010-01-26 21:53 -------- d-----w- c:\program files\Screaming Bee
2010-01-26 21:53 . 2010-01-26 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 18:06 . 2010-02-17 18:04 792064 ----a-w- c:\windows\system32\drivers\oniiuf.sys
2010-02-17 18:04 . 2010-02-17 18:04 0 ----a-w- c:\windows\system32\41.exe
2010-02-17 18:04 . 2010-02-17 18:04 1496576 ----a-w- c:\windows\system32\ES15.exe
2010-02-17 18:04 . 2010-02-17 18:04 24576 ----a-w- c:\windows\system32\helpers32.dll
2010-02-17 18:03 . 2010-02-17 18:03 16 ----a-w- c:\documents and settings\LocalService\Application Data\sgcpom.dat
2010-02-17 18:03 . 2010-02-17 18:03 39936 ----a-w- c:\windows\system32\winlogon32.exe
2010-02-17 18:03 . 2010-02-17 18:03 39936 ----a-w- c:\windows\system32\smss32.exe
2010-02-17 17:30 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-17 17:30 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-16 23:52 . 2009-01-02 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 23:22 . 2010-02-16 23:22 16 ----a-w- c:\documents and settings\NetworkService\Application Data\sgcpom.dat
2010-01-30 00:40 . 2009-10-09 18:50 -------- d-----w- c:\program files\Diablo II
2010-01-30 00:39 . 2007-10-19 12:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 00:38 . 2008-11-23 17:54 -------- d-----w- c:\program files\Alcohol Soft
2010-01-30 00:37 . 2009-11-06 23:50 -------- d-----w- c:\program files\Darkstar One
2010-01-22 13:53 . 2007-10-28 12:16 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-22 13:53 . 2008-01-31 12:08 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 13:53 . 2009-09-28 17:01 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-22 13:53 . 2007-10-19 12:28 -------- d-----w- c:\program files\ASUS WiFi-AP Solo
2010-01-22 13:52 . 2007-11-18 21:09 -------- d-----w- c:\program files\eMule
2010-01-22 13:52 . 2007-10-22 23:22 -------- d-----w- c:\program files\DivX
2010-01-22 13:52 . 2009-10-21 21:52 -------- d-----w- c:\program files\Bounty Bay Online
2010-01-15 08:18 . 2010-01-15 08:18 45 ---h--w- c:\windows\dwin1737.dat
2010-01-15 08:17 . 2009-09-25 01:27 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-09 07:42 . 2010-01-09 07:42 -------- d-----w- c:\program files\PhotoFiltre
2010-01-07 15:07 . 2009-01-02 11:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-02 11:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:56 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 20:28 . 2007-10-22 18:37 -------- d-----w- c:\program files\Skype
2009-12-23 19:47 . 2009-12-23 19:47 -------- d-----w- c:\program files\Emerald Viewer
2009-12-17 07:41 . 2007-10-19 11:58 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 14:04 . 2009-12-02 14:03 2605832 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s5_l4.exe
2009-11-27 17:13 . 2006-03-02 12:00 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-19 16:09 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:08 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2004-08-19 16:09 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-25 23:24 . 2009-11-25 23:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-21 16:46 . 2008-05-24 14:28 32768 ----a-w- c:\program files\B06DAEB20A60436D86250A4714B9CBCA.db
2008-09-08 18:05 . 2008-09-01 14:42 21431024 ----a-w- c:\program files\VeohSetup-3.9.8.1077.exe
2008-08-25 10:35 . 2008-08-21 12:03 21433072 ----a-w- c:\program files\VeohSetup-3.9.7.1071.exe
2007-11-21 20:14 . 2007-11-21 20:15 29696 ----a-w- c:\program files\99B7C9EC8F4A4946B42D908E076D4B1A.db
2008-06-07 17:59 . 2008-06-07 17:59 61 --sh--w- c:\windows\cnerolf.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-11-25 18440376]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-02-17 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.07\RivaTuner.exe" [2008-03-02 2686976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-02-17 39936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Crépin Arnaud\Menu Démarrer\Programmes\Démarrage\
netuza32.exe [2008-4-14 23040]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-19 987136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\winlogon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 16:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Crépin Arnaud^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\Crépin Arnaud\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 10:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-02-12 15:57 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-02-12 15:59 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-17 01:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-17 01:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 23:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 22:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 05:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe"=
"c:\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2 Demo\\ArmA2Demo.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Emerald Viewer\\SLVoice.exe"=
"c:\\Program Files\\Emerald Viewer\\Emerald.exe"=
"c:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando P2P TCP Listening Port
"57961:UDP"= 57961:UDP:Pando P2P UDP Listening Port
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/08/2008 17:06 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/05/2009 20:13 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/05/2009 20:13 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/05/2009 20:13 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/05/2009 20:13 297752]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [23/07/2008 20:27 106496]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [22/03/2007 13:17 20992]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [17/02/2010 19:02 3584]
S0 olvnxhbf;olvnxhbf; [x]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/10/2007 13:28 176128]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ONIIUF
*Deregistered* - oniiuf
.
Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.neuf.fr/
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Crépin Arnaud\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\helpers32.dll
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
FF - ProfilePath - c:\documents and settings\Crépin Arnaud\Application Data\Mozilla\Firefox\Profiles\918yr4uz.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Pando - c:\program files\Pando Networks\Pando\Pando.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\warnings.html 4278 bytes
c:\windows\system32\ES15.exe 1244154 bytes executable
c:\windows\system32\helpers32.dll 24576 bytes executable
c:\windows\system32\smss32.exe 39936 bytes executable
c:\windows\system32\winlogon32.exe 39936 bytes executable

scan completed successfully
hidden files: 5

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spue.sys >>UNKNOWN [0x8A711938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e46cb8
\Driver\atapi -> atapi.sys @ 0xb7e01b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d0abb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d17a21
SendHandler -> NDIS.sys @ 0xb7cf587b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oniiuf]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2167747497-3184933994-3777536478-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,5f,d3,c4,ab,ee,44,67,c5,64,ca,bb,4c,4b,fc,21,1e,85,1f,68,9a,bf,a8,\
  dd,33,20,5e,4b,92,b3,5b,66,b6,49,1f,0a,fe,94,88,b5,8d,1e,64,36,43,09,a7,25,\
"??"=hex:e5,29,e4,d1,9e,a9,a7,fe,f4,4b,0d,27,aa,dd,7b,ad

[HKEY_USERS\S-1-5-21-2167747497-3184933994-3777536478-1006\Software\SecuROM\License information*]
"datasecu"=hex:da,63,a2,ae,0a,8e,5f,aa,22,f3,11,d8,57,70,0b,35,44,47,ca,d5,49,\
  8c,ee,64,ec,b4,83,21,59,15,e6,0c,9e,9a,c7,dd,61,6a,10,b3,f6,06,f0,07,28,4f,\
"rkeysecu"=hex:3b,2a,86,e7,98,7c,9b,c9,cc,8f,90,9d,77,56,20,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1052)
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\helpers32.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Time completed: 2010-02-17 19:08:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-17 18:08

Pre-Run: 300,162,301,952 bytes free
Post-Run: 303,504,318,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - 5D2C853DADD307A20934BDFE572215AD
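The log above contains the whole persistence pattern of this rogue AV in a handful of lines: Run entries named after core system processes (smss32.exe, in both HKCU and HKLM), a hijacked Userinit pointing at winlogon32.exe, a Winsock LSP (helpers32.dll, the likely source of the injected "Restricted Site" page), Task Manager disabled by policy, AntiVirusOverride set so Security Center stays quiet, a driver loaded from the Temp directory, a service with no image path, and the rogue's own payment and download domains added to the IE Trusted Zone. The script below is an added example, not part of the original post and not ComboFix code: it runs those checks over the "Reg Loading Points", service and "Supplementary Scan" lines of a ComboFix log. The line formats it matches are taken from the log as posted; the sample input is an excerpt of that log; the function names, severity labels, the lookalike-name list and the three-day "recently created" window are this example's own choices.

```python
"""Triage of ComboFix 'Reg Loading Points', service and supplementary-scan
lines for rogue-AV persistence. Added example: not ComboFix code, and the
severities and heuristics are this example's own."""
import re
from datetime import date

# Constructed sample input: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
ComboFix 10-02-16.03 - Crépin Arnaud 17/02/2010 18:55:40.1.2 - x86
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-02-17 39936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-02-17 39936]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\winlogon32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [22/03/2007 13:17 20992]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [17/02/2010 19:02 3584]
S0 olvnxhbf;olvnxhbf; [x]
LSP: c:\windows\system32\helpers32.dll
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
Trusted Zone: buy-security-essentials.com
"""

# Line shapes as they appear in the posted log.
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) \d+\]$')
USERINIT_RE = re.compile(r'^"Userinit"="([^"]+)"$')
POLICY_RE = re.compile(r'^"(\w+)"= ?(\d+) \(0x[0-9a-fA-F]+\)$')
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>\S*)")
LSP_RE = re.compile(r"^LSP: (.+)$")
ZONE_RE = re.compile(r"^Trusted Zone: (.+)$")
SCAN_DATE_RE = re.compile(r"^ComboFix \S+ - .*?(\d{2})/(\d{2})/(\d{4}) ", re.M)
# Core Windows process names: the real ones are never started through a Run
# key, so a Run binary named after one (with or without a suffix such as
# smss32.exe or winlogon32.exe) is a disguise. List chosen for this example.
LOOKALIKE_RE = re.compile(r"^(smss|csrss|winlogon|services|lsass|svchost|explorer)[a-z0-9_-]*\.exe$")
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # XP default, minus trailing comma
LOCKOUT_POLICIES = {
    ("disabletaskmgr", 1): "Task Manager disabled by policy (common rogue-AV lockout)",
    ("disableregistrytools", 1): "Registry Editor disabled by policy",
}


def parse_scan_date(log_text):
    """Return the scan date from the ComboFix header line (dd/mm/yyyy), or None."""
    m = SCAN_DATE_RE.search(log_text)
    if not m:
        return None
    day, month, year = (int(x) for x in m.groups())
    return date(year, month, day)


def triage(log_text, recent_days=3):
    """Return findings as a list of {'severity', 'reason', 'line'} dicts, in log order."""
    scan_date = parse_scan_date(log_text)
    findings, seen_zones, key = [], set(), ""

    def add(severity, reason, line):
        findings.append({"severity": severity, "reason": reason, "line": line})

    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower().rsplit("\\", 1)[-1]  # 'run', 'winlogon', 'system' ...
        elif key == "run" and (m := RUN_VALUE_RE.match(line)):
            path, created = m.group(2), date.fromisoformat(m.group(3))
            if LOOKALIKE_RE.match(path.rsplit("\\", 1)[-1].lower()):
                add("high", "autorun named after a core system process", line)
            elif scan_date and (scan_date - created).days <= recent_days:
                add("medium", f"autorun binary created within {recent_days} days of the scan", line)
        elif key == "winlogon" and (m := USERINIT_RE.match(line)):
            if m.group(1).lower().rstrip(",") != DEFAULT_USERINIT:
                add("high", "Userinit hijacked: runs at every logon, before the shell", line)
        elif key == "system" and (m := POLICY_RE.match(line)):
            reason = LOCKOUT_POLICIES.get((m.group(1).lower(), int(m.group(2))))
            if reason:
                add("medium", reason, line)
        elif key == "security center" and (m := AV_OVERRIDE_RE.match(line)):
            if int(m.group(1), 16) == 1:
                add("medium", "Security Center told to ignore AV state (AntiVirusOverride=1)", line)
        elif (m := SERVICE_RE.match(line)):
            image = m.group("image").lower()
            if not image:
                add("medium", "service/driver registered with no image path", line)
            elif "\\temp\\" in image:
                add("high", "driver image loaded from a Temp directory", line)
        elif LSP_RE.match(line):
            add("high", "non-default Winsock LSP: sees every socket, can rewrite web pages", line)
        elif (m := ZONE_RE.match(line)):
            zone = m.group(1).lower()
            if zone not in seen_zones:  # ComboFix repeats entries present in both IE zone maps
                seen_zones.add(zone)
                add("medium", "domain added to IE Trusted Zone", line)
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 5, 'medium': 5}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
    print(summary(hits))
```

Run against the excerpt it reports ten findings (five high, five medium); the benign AVG autorun and the ManyCam driver pass. On a real log, treat the "high" items as the cleanup order too: fix Userinit first (a wrong value there leaves the machine unable to log on once the rogue binary is deleted), then the Run entries and LSP, then the driver.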