

Vista won't start, reboots endlessly
simvir replied to simvir's topic in Windows Vista
or if anyone knows how to recover Outlook, emails, contacts, address book... I use it to run my business, I'm self-employed and without it I'm dead, it's actually the only important thing on the computer! After that I can consider formatting. Help please. Thanks...
Hello,

Since today I've been facing a problem with my laptop, namely that it's impossible to start it other than in safe mode, and so I can't use it for my work, which is very annoying, even terribly terrible!

Symptom: at every "normal" startup the system refuses and attempts a startup repair that it fails to complete; it then offers me a restore, which changes nothing about the problem, and it reboots every time.

Other info: I don't know whether it's related or whether these are 2 different problems, but I also have a rootkit discovered by avast, which it could not remove, in the file: C/windows/system32/drivers/brbzi.sys

So I ran antispyware and combofix in safe mode; it also reports brbzi to me, but that changes nothing! I'm attaching the report in case someone can find a solution... it would really earn a big thank you, because my job requires the use of this laptop; basically I'm really in trouble. I don't want to format because Outlook would disappear, and without it that would be a disaster for me!

Here is the computer's config just in case:
laptop Toshiba Satellite A200-BT
operating system: Vista Home Premium edition version 6.0.6002 pack 2 version 6002
processor: x64 family 6 model stepping 15 genuine intel dual CPU T3200 1995 MHz
motherboard: toshiba iskaa version 1.00
BIOS version: Toshiba Phoenix V2.60 28/08/2008
total physical memory: 2046 MB
available physical memory: 1675 MB
graphics card: ati mobility radeon HD2400
HDD: Hitachi 149 GB ide

A big thank you in advance to those who reply!
The ComboFix report: