

shablou
Everything posted by shablou
analysis with combofix..[resolved]
shablou replied to a topic by shablou in Malware Analysis and Removal
I'll wait for you to confirm whether I should re-run ToolBar for the removal, since I'm slightly lost in all this data!! Otherwise yes, I did use MalwareBytes and here is the scan report:

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\36272525 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\38532627 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\39573835 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\36272525\36272525.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\38532627\38532627.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\39573835\39573835.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Is it serious, doctor?! Thanks anyway for your reply..
analysis with combofix..[resolved]
shablou replied to a topic by shablou in Malware Analysis and Removal
Hi.. OK, I'm doing as instructed.. I downloaded ToolBar and followed the directions, here is the first report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : AntiVirus Firewall 8.01 8.01 (Activated)
Firewall : AntiVirus Firewall 8.01 8.01 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:113 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:2 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:76 Go (Free:40 Go)
K:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 30/03/2010|20:02 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\01062DEB
C:\Program Files\AskBarDis\bar\Cache\01063473
C:\Program Files\AskBarDis\bar\Cache\0106383C.bin
C:\Program Files\AskBarDis\bar\Cache\01063ADC.bin
C:\Program Files\AskBarDis\bar\Cache\01063F50.bin
C:\Program Files\AskBarDis\bar\Cache\010645C8.bin
C:\Program Files\AskBarDis\bar\Cache\0106475F.bin
C:\Program Files\AskBarDis\bar\Cache\010648F5.bin
C:\Program Files\AskBarDis\bar\Cache\01064A8B.bin
C:\Program Files\AskBarDis\bar\Cache\01064C12.bin
C:\Program Files\AskBarDis\bar\Cache\01064DA8.bin
C:\Program Files\AskBarDis\bar\Cache\01064F3E.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\GamesBar
C:\Program Files\GamesBar\search.bin
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\ErrorPageTemplate.css
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\help.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\pixel.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tabdata.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tablib.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tabwelcome_en.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tab_icon.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\toolbar_background.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\vista_directions.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\xp_directions.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\yahoo_search.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14694.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14695.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14696.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14697.log

-----------\\ Extensions

(Compaq_Propriétaire) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.orange.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 30/03/2010|20:04 - Option : [1]

-----------\\ Fin du rapport a 20:04:37,62
Good evening everyone, and thanks to this forum for existing.. So here it is: after a spectacular arrival of Security Tool on my PC, which locked up the system (without going into details), I followed the instructions given on a site, starting by downloading 'malwarebytes'; full scan for viruses and the like.. then 'combofix', which left me with an analysis report that will mean much more to you than to me.. thanks for your help:

ComboFix 10-03-28.03 - Compaq_Propriétaire 29/03/2010 19:39:37.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.232 [GMT 2:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Search Settings
c:\program files\Search Settings\kb125\res\ErrorPageTemplate.css
c:\program files\Search Settings\kb125\res\help.gif
c:\program files\Search Settings\kb125\res\pixel.gif
c:\program files\Search Settings\kb125\res\tab_icon.png
c:\program files\Search Settings\kb125\res\tabdata.js
c:\program files\Search Settings\kb125\res\tablib.js
c:\program files\Search Settings\kb125\res\tabwelcome_en.html
c:\program files\Search Settings\kb125\res\toolbar_background.gif
c:\program files\Search Settings\kb125\res\vista_directions.png
c:\program files\Search Settings\kb125\res\xp_directions.png
c:\program files\Search Settings\kb125\res\yahoo_search.gif
c:\program files\Search Settings\kb125\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\system32\ps2.bat
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-29 ))))))))))))))))))))))))))))))))))))
.
2010-03-29 15:11 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 15:11 . 2010-03-29 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 15:11 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 15:11 . 2010-03-29 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 15:00 . 2010-03-29 15:00 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-11 15:59 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 08:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:58 . 2008-04-22 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-28 20:41 . 2007-02-11 14:45 -------- d-----w- c:\program files\AntivirusFirewall
2010-03-28 09:01 . 2004-11-23 21:26 84432 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 09:01 . 2004-11-23 21:26 510030 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-27 11:52 . 2010-02-27 11:52 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 14:13 . 2010-02-22 01:26 -------- d-----w- c:\program files\BearShare Applications
2010-02-24 12:35 . 2006-04-23 14:30 -------- d-----w- c:\program files\DivX
2010-02-24 12:32 . 2010-02-24 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\376D
2010-02-17 19:34 . 2010-02-17 19:34 -------- d-----w- c:\program files\AIST
2010-02-14 13:19 . 2006-04-22 11:25 -------- d-----w- c:\program files\Wanadoo
2010-02-14 13:13 . 2005-01-02 21:56 -------- d-----w- c:\program files\Java
2010-02-14 13:10 . 2005-01-02 22:27 -------- d-----w- c:\program files\Google
2010-02-14 13:09 . 2009-06-06 00:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-02-14 13:09 . 2005-01-02 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-13 14:37 . 2010-02-13 14:37 -------- d-----w- c:\program files\FreeTime
2010-02-13 14:14 . 2010-02-13 14:08 -------- d-----w- c:\program files\Total Video Converter
2010-02-13 14:05 . 2010-02-13 13:09 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-02-13 14:05 . 2010-02-13 13:09 -------- d-----w- c:\program files\AVS4YOU
2010-02-13 13:12 . 2010-02-13 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-10 13:20 . 2010-01-01 23:54 -------- d-----w- c:\program files\PokerStars
2010-02-09 08:42 . 2009-11-25 15:13 -------- d-----w- c:\program files\Foxit Software
2009-12-31 16:50 . 2004-08-05 18:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-07 185872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kloviss71\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kloviss71\\half-life deathmatch source\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [24/04/2009 22:19 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/02/2007 16:48 79872]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [24/04/2009 22:18 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/02/2007 16:47 111296]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [24/04/2009 22:18 55904]
S2 gupdate1ca204540ee103a;Service Google Update (gupdate1ca204540ee103a);c:\program files\Google\Update\GoogleUpdate.exe [18/08/2009 22:48 133104]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [12/05/2005 17:24 260608]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/02/2007 16:47 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/02/2007 16:47 25184]
.
Contenu du dossier 'Tâches planifiées'

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 20:22]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 20:47]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 20:47]

2010-03-12 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 18:22]

2010-03-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2007-02-11 13:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.orange.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-ISUSScheduler - c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-36272525 - c:\documents and settings\All Users\Application Data\36272525\36272525.exe
MSConfigStartUp-38532627 - c:\documents and settings\All Users\Application Data\38532627\38532627.exe
MSConfigStartUp-39573835 - c:\docume~1\ALLUSE~1\APPLIC~1\39573835\39573835.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 19:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(888)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(748)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
.
Heure de fin: 2010-03-29 19:50:57
ComboFix-quarantined-files.txt 2010-03-29 17:50

Avant-CF: 121 557 766 144 octets libres
Après-CF: 121 573 105 664 octets libres

- - End Of File - - 78B925407E3CA776C235B46D07D89604