vincedub

Membres

Afficher le profil Afficher son activité

Compteur de contenus
3
Inscription
le 8 juin 2010
Dernière visite
le 9 juin 2010

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par vincedub

pc infecte rootkit page de pub

vincedub a répondu à un(e) sujet de vincedub dans Analyses et éradication malwares

merci bcp merci pour ta reponse et merci pour le fait de donner du temps a un inconnu le "au secours" c etait par ce que en effet c est une station de travail et je ne savais plus quoi faire (apres les passages tres long aux antivirus 5h en moyenne pour chaque avec un pic a 16 pour nod 32) l'infection et arrivé a la suite d'une surf changement de fond d ecran bureau avec ecrit en gros vous avez ete infecte instale je ne sais plus quel antivirus et avast qui etait alors mon antivirus a ouvert plein de fenetre me signalant des infections apres le passage de combofix je n'arrivais plus a me connecter sur windows update et le attaques de type j00k877.cc etait toujours bloquer par nod32 pro et mon service themes de windows ne demarrait plus ayant vraiment besoin de mon poste j ai fait le bourrin j'ai re installer windows par dessus (réparation ) je viens de faire 80 mises a jour sur windows update spybot n'arrete pas de me demander des confirmation de modification de registre internet explorer 8 ne veux pas demarrer je suis donc en train de le reinstaller edit : il fonctionne de nouveau j'installe xp.sp3 bref je suis un peu perdu @++ vince
- le 8 juin 2010
- 4 réponses
pc infecte rootkit page de pub

vincedub a répondu à un(e) sujet de vincedub dans Analyses et éradication malwares

au secours
- le 8 juin 2010
- 4 réponses
pc infecte rootkit page de pub

vincedub a posté un sujet dans Analyses et éradication malwares

bonjour je suis nouveau sur le forum j ai un pc qui rame et qui très infecté (plus de chargement du service theme de windows au demarage, site windows update inaccessible, attaque constante du type j00k877x.cc) j'ai passe tout les antivirus a ma dispo (avast, nod 32, panda, securiser(trend)) il ont tous trouver des chose mais ca ne change rien j ai besoin d aide voila mon log hitjacthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:32, on 08/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.3)" -"http://www.absoluflash.com/jeux-flash/special19.php?l640111=check1point&rena=t_19-cel-blaster.jpg&w=800&h=600" O4 - HKUS\S-1-5-21-842925246-1284227242-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres') O4 - HKUS\S-1-5-21-842925246-1284227242-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrateur') O4 - HKUS\S-1-5-21-842925246-1284227242-725345543-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{48679F50-2337-49F4-92D7-0CA378E24376}: NameServer = 212.27.53.252,212.27.54.252 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9307599cbd86) (gupdate1c9307599cbd86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe -- End of file - 14978 bytes j ai voulu faire le malin avec combofix mais la non plus ca n a rien donné voila le log ComboFix 10-06-07.04 - vince 08/06/2010 14:00:50.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2567 [GMT 2:00] Lancé depuis: c:\documents and settings\vince\Bureau\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Un antivirus résident est actif . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Thumbs.db c:\windows\system32\AutoRun.inf Une copie infectée de c:\windows\system32\drivers\rdpcdd.sys a été trouvée et désinfectée Copie restaurée à partir de - Kitty had a snack . ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-08 au 2010-06-08 )))))))))))))))))))))))))))))))))))) . 2010-06-08 10:45 . 2010-06-08 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-08 10:45 . 2010-06-08 10:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-08 10:37 . 2010-06-08 10:37 -------- d-----w- c:\program files\ToniArts 2010-06-07 17:11 . 2010-06-07 17:11 -------- d-----w- c:\documents and settings\vince\Local Settings\Application Data\ESET 2010-06-07 17:07 . 2010-06-07 17:07 -------- d-----w- c:\program files\ESET 2010-06-07 17:07 . 2010-06-07 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-06-07 16:27 . 2010-06-07 16:27 128352 ----a-w- c:\windows\system32\332D6.dll 2010-06-07 16:27 . 2010-06-07 16:27 54624 ----a-w- c:\windows\system32\332D6.sys 2010-06-07 14:44 . 2010-06-07 14:43 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-04 10:01 . 2010-06-04 16:33 -------- d-----w- c:\windows\BDOSCAN8 2010-06-02 10:34 . 2010-06-02 10:34 -------- d-----w- c:\program files\Stop Motion Animator 2010-05-26 13:03 . 2010-05-07 22:40 311296 ----a-w- c:\windows\system32\TubeFinder.exe 2010-05-26 13:03 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL 2010-05-26 13:03 . 2010-05-26 13:04 -------- d-----w- c:\documents and settings\vince\Application Data\FreeFLVConverter 2010-05-26 13:03 . 2010-05-26 13:03 -------- d-----w- c:\program files\Free FLV Converter 2010-05-25 11:07 . 2010-05-25 11:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TuneUp Software 2010-05-20 13:55 . 2010-05-20 13:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-05-20 13:32 . 2010-05-20 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-05-20 13:30 . 2010-05-20 13:30 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache 2010-05-18 16:45 . 2010-05-18 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-05-18 16:45 . 2010-05-20 13:53 -------- d-----w- c:\program files\NVIDIA Corporation . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-08 10:37 . 2006-11-03 18:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-07 19:11 . 2010-02-04 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-07 16:12 . 2007-02-01 18:01 -------- d-----w- c:\program files\Google 2010-06-07 16:07 . 2008-01-09 10:41 -------- d-----w- c:\program files\Microsoft ActiveSync 2010-06-07 15:01 . 2010-01-26 10:25 -------- d-----w- c:\documents and settings\vince\Application Data\HPAppData 2010-06-07 14:44 . 2007-01-03 10:00 -------- d-----w- c:\program files\Fichiers communs\Java 2010-06-07 14:44 . 2010-06-07 14:44 503808 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ed489d8-n\msvcp71.dll 2010-06-07 14:44 . 2010-06-07 14:44 499712 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ed489d8-n\jmc.dll 2010-06-07 14:44 . 2010-06-07 14:44 348160 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ed489d8-n\msvcr71.dll 2010-06-07 14:44 . 2010-06-07 14:44 61440 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4560e9bd-n\decora-sse.dll 2010-06-07 14:44 . 2010-06-07 14:44 12800 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4560e9bd-n\decora-d3d.dll 2010-05-31 13:28 . 2006-03-02 12:00 95104 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-31 13:28 . 2006-03-02 12:00 535928 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-31 09:50 . 2009-11-12 11:31 1 ----a-w- c:\documents and settings\vince\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-28 14:45 . 2009-02-13 11:05 -------- d-----w- c:\documents and settings\vince\Application Data\FileZilla 2010-05-27 12:58 . 2010-03-26 11:15 443912 ----a-w- c:\documents and settings\vince\Application Data\Real\Update\setup3.10\setup.exe 2010-05-26 09:49 . 2008-09-30 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-25 15:23 . 2009-11-23 18:13 -------- d-----w- c:\program files\XMind 2010-05-25 11:06 . 2008-01-17 10:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-25 10:53 . 2007-01-03 10:00 -------- d-----w- c:\program files\Java 2010-05-20 09:09 . 2010-05-20 09:09 16 ----a-w- c:\documents and settings\vince\Application Data\qvjsge.dat 2010-04-29 13:39 . 2008-09-30 15:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2008-09-30 15:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-16 08:50 . 2010-04-15 18:42 -------- d-----w- c:\program files\Runtime Software 2010-04-15 18:34 . 2010-04-15 18:34 -------- d-----w- c:\documents and settings\vince\Application Data\CheeseSoft 2010-04-15 18:34 . 2010-04-15 18:34 -------- d-----w- c:\program files\Recoveryer Ultimate Edition 2010-04-15 18:31 . 2010-04-15 18:31 -------- d-----w- c:\documents and settings\vince\Application Data\Yahoo! 2010-04-07 19:08 . 2010-04-07 19:08 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys 2010-03-31 13:53 . 2010-03-31 13:53 503808 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2cab1904-n\msvcp71.dll 2010-03-31 13:53 . 2010-03-31 13:53 499712 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2cab1904-n\jmc.dll 2010-03-31 13:53 . 2010-03-31 13:53 348160 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2cab1904-n\msvcr71.dll 2010-03-31 13:53 . 2010-03-31 13:53 61440 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7bbaf12d-n\decora-sse.dll 2010-03-31 13:53 . 2010-03-31 13:53 12800 ----a-w- c:\documents and settings\vince\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7bbaf12d-n\decora-d3d.dll 2010-03-30 14:23 . 2006-11-05 17:27 104336 ----a-w- c:\documents and settings\vince\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-26 20:02 . 2009-09-09 17:02 1256336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-04-27 282624] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-23 185896] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312] "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-12 805392] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 00:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk /p \??\F:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2009-11-20 09:40 2356088 ----a-w- c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure] 2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-04-27 07:41 282624 ----a-w- c:\program files\QuickTime Alternative\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gupdate1c9307599cbd86"=2 (0x2) "Bonjour Service"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\backburner\\server.exe"= "c:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\LeechFTP\\Leechftp.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"= "c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMftp.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R9 for x86\\vrlserver.exe"= "c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"= "c:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R8 for x86\\vrlserver.exe"= "c:\\Program Files\\Resolume 2.3\\resolume.exe"= "c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\wamp\\Apache2\\bin\\httpd.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Fritivi\\fritivi.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Documents and Settings\\vince\\Mes documents\\multi touch\\CCV-1.2-win-bin\\CCV-1.2-win-bin\\Community Core Vision\\Community Core Vision.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "c:\\Program Files\\Chaos Group\\V-Ray\\3dsmax 2009 for x86\\VRLServer.exe"= "c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:07 114984] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [07/04/2010 21:08 95872] R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\program files\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\program files\ArchVision\ArchVision Content Manager\" --> c:\program files\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\program files\ArchVision\ArchVision Content Manager\ [?] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07/04/2010 21:07 810120] R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [02/12/2008 18:59 6016] S2 gupdate1c9307599cbd86;Google Update Service (gupdate1c9307599cbd86);c:\program files\Google\Update\GoogleUpdate.exe [17/10/2008 18:25 133104] S2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [26/02/2008 18:57 45188] S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 01:04 65536] S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016] S3 332D6;332D6;c:\windows\system32\332D6.sys [07/06/2010 18:27 54624] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 284016] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 11:22 30603640] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 19:31 42000] S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2010-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42] 2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-17 16:25] 2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-17 16:25] 2010-06-04 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 02:50] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local Trusted Zone: gouv.fr\inscriptionpart.impots TCP: {48679F50-2337-49F4-92D7-0CA378E24376} = 212.27.53.252,212.27.54.252 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} - hxxp://www.systemrequirementslab.com/sysreqlabsli.cab FF - ProfilePath - c:\documents and settings\vince\Application Data\Mozilla\Firefox\Profiles\b768io32.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . . ------- Associations de fichier ------- . .scr=AutoCADScriptFile . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-Locked - (no file) HKLM-Run-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE AddRemove-ST6UNST #1 - c:\windows\st6unst.exe AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log AddRemove-V-Ray for 3dsmax R8 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\install.log ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-08 14:20 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A877D01]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28 \Driver\ACPI -> ACPI.sys @ 0xb7f7ecb8 \Driver\atapi -> atapi.sys @ 0xb7f10852 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7e04bb0 PacketIndicateHandler -> NDIS.sys @ 0xb7df3a0d SendHandler -> NDIS.sys @ 0xb7e07b40 user & kernel MBR OK ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(832) c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Heure de fin: 2010-06-08 14:32:23 ComboFix-quarantined-files.txt 2010-06-08 12:32 Avant-CF: 19 027 357 696 octets libres Après-CF: 19 006 398 464 octets libres - - End Of File - - 5FB9470A881DF778901EC0EEC56AB913 merci d avance à vous tous
- le 8 juin 2010
- 4 réponses

Connexion

vincedub

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par vincedub

pc infecte rootkit page de pub

pc infecte rootkit page de pub

pc infecte rootkit page de pub

Zebulon

Outils en ligne

Naviguer