All content posted by carooo.a
New request for a ComboFix log analysis, please [resolved]
carooo.a posted a topic in Malware analysis and removal
Hello everyone. Following a virus problem that first showed up with Hotmail and Windows Live Messenger (which I can no longer install after uninstalling it badly), a friend advised me to use CCleaner, then Malware Bit and finally, as a last resort, ComboFix. I did use each program to clean my computer so that I could finally reinstall Windows Live Messenger, but I still can't manage it. So I have just finished the ComboFix scan/cleanup and here is the report. Would someone be kind enough, and have the time, to help me and analyze it for me? Thanks in advance. Here is the report:

ComboFix 10-03-29.04 - Caroline 01/04/2010 21:18:00.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1208 [GMT 2:00]
Run from: c:\documents and settings\Caroline\Bureau\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Caroline\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
c:\docume~1\Caroline\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\docume~1\Caroline\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp
c:\documents and settings\Caroline\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
c:\documents and settings\Caroline\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\documents and settings\Caroline\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp
.
((((((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 ))))))))))))))))))))))))))))))))))))
.
2010-03-31 22:38 . 2010-03-31 22:38 -------- d-----w- c:\documents and settings\Caroline\Application Data\Malwarebytes
2010-03-31 22:37 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 22:37 . 2010-03-31 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 22:37 . 2010-03-31 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 22:37 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 22:27 . 2010-03-31 22:27 -------- d-----w- c:\program files\CCleaner
2010-03-21 21:39 . 2010-03-21 21:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-21 21:38 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-21 21:38 . 2010-03-21 21:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-21 20:51 . 2010-03-21 20:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-21 20:31 . 2010-03-21 20:31 -------- d-----w- c:\documents and settings\Caroline\Application Data\MSNInstaller
2010-03-21 20:29 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-03-21 20:29 . 2010-03-21 22:32 -------- d-----w- c:\program files\Windows Live
2010-03-10 21:10 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 19:39 . 2008-08-18 15:38 -------- d-----w- c:\documents and settings\Caroline\Application Data\Skype
2010-04-01 18:49 . 2008-08-18 15:39 -------- d-----w- c:\documents and settings\Caroline\Application Data\skypePM
2010-03-31 23:20 . 2008-08-18 16:41 -------- d-----w- c:\documents and settings\Caroline\Application Data\Azureus
2010-03-31 22:34 . 2008-08-26 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-31 22:23 . 2006-01-16 16:23 87026 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 22:23 . 2006-01-16 16:23 515766 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-21 20:31 . 2010-03-21 20:31 826856 ----a-w- c:\documents and settings\Caroline\Application Data\MSNInstaller\msnauins.exe
2010-03-13 22:47 . 2008-10-17 09:25 -------- d-----w- c:\documents and settings\Caroline\Application Data\Apple Computer
2010-03-13 22:46 . 2008-10-17 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-10 21:53 . 2008-09-02 20:21 -------- d-----w- c:\documents and settings\Caroline\Application Data\Vso
2010-02-25 06:17 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 21:28 . 2009-12-17 06:26 3532 ----a-w- C:\drmHeader.bin
2010-02-21 17:27 . 2010-02-21 17:24 -------- d-----w- c:\program files\iTunes
2010-02-21 17:24 . 2010-02-21 17:24 -------- d-----w- c:\program files\iPod
2010-02-21 17:24 . 2009-12-26 06:33 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-21 15:57 . 2010-02-21 15:57 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 10:03 . 2010-02-27 21:54 293376 ------w- c:\windows\system32\browserchoice.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 02:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"\\MONSTERMAN\EPSON TX100 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE" [2008-02-05 188928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-9-27 25214]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-03 08:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [04/03/2009 03:27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/03/2009 03:27 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/03/2009 03:27 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/03/2009 03:27 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [30/04/2009 08:51 1370488]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/03/2009 03:25 29208]
S2 fcigebaw;Manager Server;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 prhthoo;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 qobjd;Image Task;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 zqlguvus;Support Center;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [04/03/2009 03:25 29208]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [06/12/2009 02:18 406016]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18/08/2008 12:27 29744]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qobjd
zqlguvus
fcigebaw
prhthoo
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-12-18 c:\windows\Tasks\Install_NSS.job
- c:\program files\Vuze\nssstub.exe [2009-12-18 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Caroline\Application Data\Mozilla\Firefox\Profiles\e8x6mgpu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Google Update - c:\documents and settings\Caroline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
HKLM-Explorer_Run-MfwTJ1w5yZ - c:\documents and settings\All Users\Application Data\zotongri\hgxolcte.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 21:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fcigebaw]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prhthoo]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qobjd]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zqlguvus]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4148)
c:\windows\system32\TDispVol.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-04-01 21:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 19:43

Pre-Run: 53 073 989 632 bytes free
Post-Run: 52 925 046 784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - 129523E8CDDAB72F6E2AA8DA119171AE
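The part of this log a reviewer would look at first is the group of four svchost-hosted services (fcigebaw, prhthoo, qobjd, zqlguvus) that were added to the NetSvcs group and all resolve to the same ServiceDll, c:\windows\system32\qwffdxcm.dll, while the display names ("Manager Server", "Driver Config", "Image Task", "Support Center") are generic filler. The script below is an added example, written for this page; it is not part of the forum post and not code from ComboFix. It parses the service lines, the NetSvcs list and the trailing ServiceDll blocks out of a ComboFix log and flags NetSvcs members whose ServiceDll is not on a small allow-list, then reports any DLL shared by several services. The allow-list of Windows XP service DLLs is an assumption and deliberately incomplete, and the sample input is the relevant lines quoted from the log above plus one constructed benign entry (wuauserv) as a control.

```python
"""Triage the service section of a ComboFix log (added example, not ComboFix code)."""
import re
from collections import defaultdict

# Constructed sample: service lines quoted from the log above, plus a
# constructed benign control entry (wuauserv) that ComboFix itself would hide.
SAMPLE_LOG = r"""
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/03/2009 03:27 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [30/04/2009 08:51 1370488]
S2 fcigebaw;Manager Server;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 prhthoo;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 qobjd;Image Task;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S2 zqlguvus;Support Center;c:\windows\system32\svchost.exe -k netsvcs [16/01/2006 18:23 14336]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [06/12/2009 02:18 406016]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qobjd
zqlguvus
fcigebaw
prhthoo
wuauserv
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fcigebaw]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prhthoo]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qobjd]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zqlguvus]
"ServiceDll"="c:\windows\system32\qwffdxcm.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
"""

# Assumed allow-list (illustrative subset, NOT complete): DLLs that Windows XP
# itself registers as ServiceDll for svchost-hosted services.
KNOWN_SERVICE_DLLS = {
    "wuauserv.dll", "qmgr.dll", "wkssvc.dll", "srvsvc.dll", "schedsvc.dll",
    "seclogon.dll", "shsvcs.dll", "ipnathlp.dll", "netman.dll", "rasauto.dll",
    "rasmans.dll", "trkwks.dll", "w32time.dll", "ersvc.dll", "audiosrv.dll",
    "cryptsvc.dll", "browser.dll", "xmlprov.dll", "wzcsvc.dll", "srsvc.dll",
    "pchsvc.dll", "wscsvc.dll", "sens.dll", "appmgmts.dll", "wmisvc.dll",
}

SERVICE_LINE = re.compile(r'^(R\d|S\d)\s+([^;]+);([^;]*);(.*?)\s+\[[^\]]*\]\s*$')
NETSVCS_HEADER = re.compile(r'\\Svchost\s*-\s*NetSvcs\s*$', re.I)
SERVICES_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]\s*$', re.I)
SERVICEDLL = re.compile(r'^"ServiceDll"\s*=\s*"([^"]+)"', re.I)


def parse_services(log_text):
    """Return (services, netsvcs, service_dlls) from a ComboFix log."""
    services, netsvcs, service_dlls = {}, [], {}
    current_key, in_netsvcs = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:                       # names listed until a "." or blank line
            if line in ("", ".") or line.startswith("["):
                in_netsvcs = False
            else:
                netsvcs.append(line)
                continue
        m = SERVICE_LINE.match(line)
        if m:
            start, name, display, image = m.groups()
            services[name] = {"start": start, "display": display, "image": image}
            continue
        if NETSVCS_HEADER.search(line):
            in_netsvcs = True
            continue
        m = SERVICES_KEY.match(line)
        if m:
            current_key = m.group(1)         # next "ServiceDll" line belongs to this key
            continue
        m = SERVICEDLL.match(line)
        if m and current_key:
            service_dlls[current_key] = m.group(1)
            current_key = None
    return services, netsvcs, service_dlls


def triage(log_text):
    """Flag NetSvcs members with an unknown ServiceDll and DLLs shared by several services."""
    services, netsvcs, service_dlls = parse_services(log_text)
    findings, flagged, by_dll = [], set(), defaultdict(list)
    for name in netsvcs:
        dll = service_dlls.get(name)
        if dll is None:
            continue                         # no ServiceDll block in the log for this name
        by_dll[dll.lower()].append(name)
        basename = dll.lower().rsplit("\\", 1)[-1]
        if basename not in KNOWN_SERVICE_DLLS:
            flagged.add(name)
            display = services.get(name, {}).get("display", "?")
            findings.append(f"{name} ({display}): NetSvcs member with unknown ServiceDll {dll}")
    shared = {dll: sorted(names) for dll, names in by_dll.items() if len(names) > 1}
    for dll, names in shared.items():
        findings.append(f"{len(names)} services share one ServiceDll {dll}: {', '.join(names)}")
    return {"flagged": sorted(flagged), "shared": shared, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Anything flagged still has to be confirmed on the machine itself: whether the DLL exists on disk, its timestamps and signature, and what else references it. A DLL that is hidden from directory listings would not appear in this section at all, which is why the catchme rootkit scan runs alongside the registry dump.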