

Copro
Member
Content count: 4
Everything posted by Copro
Google links redirected to advertising
Copro replied to a topic by Copro in Malware Analysis and Eradication
Here is the report of the scan that was run. And thanks again for the time being devoted to me!
Google links redirected to advertising
Copro replied to a topic by Copro in Malware Analysis and Eradication
Voici le fichier demandé : ComboFix 10-09-04.06 - Famille 06/09/2010 15:25:20.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.990.676 [GMT 2:00] Lancé depuis: c:\documents and settings\Famille\Bureau\Copro.exe Commutateurs utilisés :: c:\documents and settings\Famille\Bureau\CFScript.txt FILE :: "c:\documents and settings\Famille\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk" "c:\windows\pss\Antimalware Doctor.lnkStartup" "c:\windows\system32\PL7IJ2V2.com" "c:\windows\Wsirua.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\DDT0djaB.exe c:\documents and settings\Famille\Application Data\aayifebjd c:\documents and settings\Famille\Application Data\elkkfjlog c:\documents and settings\Famille\Application Data\iemhxfycv c:\documents and settings\Famille\Application Data\ifmdjwwta c:\documents and settings\Famille\Application Data\jasjflaqa c:\documents and settings\Famille\Application Data\krrixnlkh c:\documents and settings\Famille\Application Data\obyvaphcf c:\documents and settings\Famille\Application Data\oqbixflbg c:\documents and settings\Famille\Application Data\ppinhxnjw c:\documents and settings\Famille\Application Data\qpcdmgobr c:\documents and settings\Famille\Application Data\rnevaxukr c:\documents and settings\Famille\Application Data\rseckpkms c:\documents and settings\Famille\Application Data\rxtybytaw c:\documents and settings\Famille\Application Data\tnkigenks c:\documents and settings\Famille\Application Data\unmlbumtg c:\documents and settings\Famille\Application Data\uxskfqxun c:\documents and settings\Famille\Application Data\vxdybptqv c:\documents and settings\Famille\Application Data\xntigvnbq c:\documents and settings\Famille\Application Data\yvmyffprb c:\documents and settings\Famille\Local Settings\Application Data\aayifebjd c:\documents and settings\Famille\Local Settings\Application 
Data\apbkxjjft c:\documents and settings\Famille\Local Settings\Application Data\axnybgsht c:\documents and settings\Famille\Local Settings\Application Data\beadjmviu c:\documents and settings\Famille\Local Settings\Application Data\cmexycsof c:\documents and settings\Famille\Local Settings\Application Data\dqeejuiqg c:\documents and settings\Famille\Local Settings\Application Data\dqeixdkyc c:\documents and settings\Famille\Local Settings\Application Data\elkkfjlog c:\documents and settings\Famille\Local Settings\Application Data\faiifuaab c:\documents and settings\Famille\Local Settings\Application Data\fcqohfaqe c:\documents and settings\Famille\Local Settings\Application Data\fnrqgtlej c:\documents and settings\Famille\Local Settings\Application Data\grhcjojlo c:\documents and settings\Famille\Local Settings\Application Data\hbwqgcxmu c:\documents and settings\Famille\Local Settings\Application Data\hmnifdnin c:\documents and settings\Famille\Local Settings\Application Data\hyokfryws c:\documents and settings\Famille\Local Settings\Application Data\iemhxfycv c:\documents and settings\Famille\Local Settings\Application Data\ifmdjwwta c:\documents and settings\Famille\Local Settings\Application Data\jasjflaqa c:\documents and settings\Famille\Local Settings\Application Data\jbvlwgubv c:\documents and settings\Famille\Local Settings\Application Data\krrdjfjcm c:\documents and settings\Famille\Local Settings\Application Data\krrixnlkh c:\documents and settings\Famille\Local Settings\Application Data\llxxykrwc c:\documents and settings\Famille\Local Settings\Application Data\mbvhgfblh c:\documents and settings\Famille\Local Settings\Application Data\mfvdjnvky c:\documents and settings\Famille\Local Settings\Application Data\obyvaphcf c:\documents and settings\Famille\Local Settings\Application Data\oddjxtwpl c:\documents and settings\Famille\Local Settings\Application Data\oqbixflbg c:\documents and settings\Famille\Local Settings\Application Data\ppinhxnjw 
c:\documents and settings\Famille\Local Settings\Application Data\qpcdmgobr c:\documents and settings\Famille\Local Settings\Application Data\rbilbmalt c:\documents and settings\Famille\Local Settings\Application Data\rnevaxukr c:\documents and settings\Famille\Local Settings\Application Data\rseckpkms c:\documents and settings\Famille\Local Settings\Application Data\rwolewwbg c:\documents and settings\Famille\Local Settings\Application Data\spkxqtvrq c:\documents and settings\Famille\Local Settings\Application Data\tkyybhgij c:\documents and settings\Famille\Local Settings\Application Data\tnkigenks c:\documents and settings\Famille\Local Settings\Application Data\unmlbumtg c:\documents and settings\Famille\Local Settings\Application Data\uxskfqxun c:\documents and settings\Famille\Local Settings\Application Data\vaoignbse c:\documents and settings\Famille\Local Settings\Application Data\vcwohwaih c:\documents and settings\Famille\Local Settings\Application Data\vprjxsjov c:\documents and settings\Famille\Local Settings\Application Data\vxdybptqv c:\documents and settings\Famille\Local Settings\Application Data\warmbdycs c:\documents and settings\Famille\Local Settings\Application Data\xasvywhkc c:\documents and settings\Famille\Local Settings\Application Data\xmuwylsxh c:\documents and settings\Famille\Local Settings\Application Data\xntigvnbq c:\documents and settings\Famille\Local Settings\Application Data\xrudjdiai c:\documents and settings\Famille\Local Settings\Application Data\ynwmblmkf c:\documents and settings\Famille\Local Settings\Application Data\yvmyffprb c:\documents and settings\Famille_2\Application Data\pfbutnwfa c:\documents and settings\Famille_2\Application Data\rsgvtvjnl c:\documents and settings\Famille_2\Local Settings\Application Data\fpjqnujva c:\documents and settings\Famille_2\Local Settings\Application Data\gsftsjtop c:\documents and settings\Famille_2\Local Settings\Application Data\hcnqndwel c:\documents and settings\Famille_2\Local 
Settings\Application Data\lsourbtfo c:\documents and settings\Famille_2\Local Settings\Application Data\pfbutnwfa c:\documents and settings\Famille_2\Local Settings\Application Data\rsgvtvjnl c:\documents and settings\Famille_2\Local Settings\Application Data\tflvtewvx c:\documents and settings\Famille_2\Local Settings\Application Data\uhoontlly c:\documents and settings\Famille_2\Local Settings\Application Data\vspvtmjek c:\windows\Fonts\PL7IJ2V2.com c:\windows\pss\Antimalware Doctor.lnkStartup c:\windows\system32\PL7IJ2V2.com c:\windows\Tasks\At2353.job c:\windows\Tasks\At2354.job c:\windows\Tasks\At2355.job c:\windows\Tasks\At2356.job c:\windows\Tasks\At2357.job c:\windows\Tasks\At2358.job c:\windows\Tasks\At2359.job c:\windows\Tasks\At2360.job c:\windows\Tasks\At2361.job c:\windows\Tasks\At2362.job c:\windows\Tasks\At2363.job c:\windows\Tasks\At2364.job c:\windows\Tasks\At2365.job c:\windows\Tasks\At2366.job c:\windows\Tasks\At2367.job c:\windows\Tasks\At2368.job c:\windows\Tasks\At2369.job c:\windows\Tasks\At2370.job c:\windows\Tasks\At2371.job c:\windows\Tasks\At2372.job c:\windows\Tasks\At2373.job c:\windows\Tasks\At2374.job c:\windows\Tasks\At2375.job c:\windows\Tasks\At2376.job c:\windows\Tasks\At2377.job c:\windows\Tasks\At2378.job c:\windows\Tasks\At2379.job c:\windows\Tasks\At2380.job c:\windows\Tasks\At2381.job c:\windows\Tasks\At2382.job c:\windows\Tasks\At2383.job c:\windows\Tasks\At2384.job c:\windows\Tasks\At2385.job c:\windows\Tasks\At2386.job c:\windows\Tasks\At2387.job c:\windows\Tasks\At2388.job c:\windows\Tasks\At2389.job c:\windows\Tasks\At2390.job c:\windows\Tasks\At2391.job c:\windows\Tasks\At2392.job c:\windows\Tasks\At2393.job c:\windows\Tasks\At2394.job c:\windows\Tasks\At2395.job c:\windows\Tasks\At2396.job c:\windows\Tasks\At2397.job c:\windows\Tasks\At2398.job c:\windows\Tasks\At2399.job c:\windows\Tasks\At2400.job c:\windows\Tasks\At49.job c:\windows\Tasks\At50.job c:\windows\Tasks\At51.job c:\windows\Tasks\At52.job 
c:\windows\Tasks\At53.job c:\windows\Tasks\At54.job c:\windows\Tasks\At55.job c:\windows\Tasks\At56.job c:\windows\Tasks\At57.job c:\windows\Tasks\At58.job c:\windows\Tasks\At59.job c:\windows\Tasks\At61.job c:\windows\Tasks\At63.job c:\windows\Tasks\At65.job c:\windows\Tasks\At67.job c:\windows\Tasks\At69.job c:\windows\Tasks\At71.job c:\windows\Tasks\At73.job c:\windows\Tasks\At75.job c:\windows\Tasks\At79.job c:\windows\Tasks\At82.job c:\windows\Tasks\At85.job c:\windows\Tasks\At88.job c:\windows\Tasks\At91.job c:\windows\Wsirua.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PESRW -------\Service_pesrw ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-06 au 2010-09-06 )))))))))))))))))))))))))))))))))))) . 2010-09-04 14:00 . 2010-09-04 14:00 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2010-08-30 23:27 . 2010-08-30 23:27 16721 ----a-w- c:\windows\vmm32dll.exe 2010-08-30 01:26 . 2010-08-30 01:26 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE 2010-08-30 01:26 . 2010-08-30 01:26 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache 2010-08-30 01:22 . 2010-08-30 01:22 -------- d--h--w- c:\windows\msdownld.tmp 2010-08-30 01:21 . 2010-06-24 12:17 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-08-30 01:21 . 2010-06-24 12:17 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2010-08-30 01:18 . 2010-08-30 01:18 86576 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe 2010-08-30 01:18 . 2010-08-30 01:18 392728 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll 2010-08-30 01:18 . 
2010-08-30 01:18 132672 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe 2010-08-30 01:13 . 2010-08-30 01:13 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla 2010-08-29 15:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 15:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-27 13:35 . 2010-08-27 13:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-08-27 07:15 . 2010-08-27 07:15 -------- d-----r- c:\documents and settings\LocalService\Favoris 2010-08-27 06:36 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\lprdafgmf 2010-08-27 06:36 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\ypudaegka 2010-08-27 06:36 . 2010-08-27 14:33 35848 ----a-w- c:\windows\debug.exe 2010-08-27 06:36 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\bcadamssm 2010-08-24 14:11 . 2010-08-24 14:11 0 ----a-w- c:\windows\nsreg.dat 2010-08-24 14:11 . 2010-08-24 14:11 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\Mozilla 2010-08-09 21:10 . 2010-08-09 21:10 503808 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\msvcp71.dll 2010-08-09 21:10 . 2010-08-09 21:10 499712 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\jmc.dll 2010-08-09 21:10 . 2010-08-09 21:10 348160 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\msvcr71.dll 2010-08-09 21:10 . 
2010-08-09 21:10 61440 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2edcf6b6-n\decora-sse.dll 2010-08-09 21:10 . 2010-08-09 21:10 12800 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2edcf6b6-n\decora-d3d.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-06 13:25 . 2008-09-05 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-05 21:31 . 2010-08-27 12:34 112 ----a-w- c:\documents and settings\All Users\Application Data\5fKjM15.dat 2010-09-05 18:58 . 2010-08-03 00:47 -------- d-----w- c:\program files\iTunes 2010-09-05 18:58 . 2009-09-29 08:14 -------- d-----w- c:\program files\QuickTime 2010-09-04 16:15 . 2010-04-02 08:25 1 ----a-w- c:\documents and settings\Famille_2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-04 13:46 . 2010-01-20 20:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-02 17:33 . 2010-07-27 19:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-30 01:36 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-30 01:36 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat 2010-08-29 17:13 . 2006-03-02 12:00 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2010-08-11 02:36 . 2009-11-19 18:22 -------- d-----w- c:\documents and settings\Famille\Application Data\Apple Computer 2010-08-05 02:16 . 2010-08-05 02:16 503808 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\msvcp71.dll 2010-08-05 02:16 . 2010-08-05 02:16 499712 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\jmc.dll 2010-08-05 02:16 . 
2010-08-05 02:16 348160 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\msvcr71.dll 2010-08-05 02:16 . 2010-08-05 02:16 61440 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33ee667a-n\decora-sse.dll 2010-08-05 02:16 . 2010-08-05 02:16 12800 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33ee667a-n\decora-d3d.dll 2010-08-04 00:11 . 2007-10-19 17:19 -------- d-----w- c:\program files\Paint Shop Pro 5 2010-08-03 23:20 . 2010-08-03 18:26 -------- d-----w- c:\program files\Canon 2010-08-03 23:19 . 2010-08-03 18:25 664 ----a-w- c:\documents and settings\Famille_2\Local Settings\Application Data\d3d9caps.tmp 2010-08-03 18:29 . 2010-08-03 18:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2010-08-03 18:28 . 2010-08-03 18:28 -------- d--h--w- c:\program files\CanonBJ 2010-08-03 01:27 . 2009-12-19 20:23 -------- d-----w- c:\documents and settings\Famille_2\Application Data\Apple Computer 2010-08-03 00:48 . 2010-08-03 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-08-03 00:47 . 2010-08-03 00:47 -------- d-----w- c:\program files\iPod 2010-08-03 00:47 . 2009-09-29 08:14 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-08-03 00:47 . 2010-08-03 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-08-03 00:45 . 2010-08-03 00:45 -------- d-----w- c:\program files\Apple Software Update 2010-08-03 00:45 . 2010-08-03 00:45 -------- d-----w- c:\program files\Bonjour 2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-06-30 12:32 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:17 . 
2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:17 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2006-03-02 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-10-19 09:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-05_18.58.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-06 13:29 . 2010-09-06 13:29 16384 c:\windows\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"="c:\windows\vmm32dll.exe" [2010-08-30 16721]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-08-30 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Famille\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-1-27 51984]
Microsoft Recherche accélérée.lnk - c:\program files\Microsoft Office\Office\Findfast.exe [1997-1-27 111376]
Reboot.exe [2004-10-1 334336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/11/2009 23:56 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 21:56]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 21:56]

2010-09-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1214440339-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1214440339-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1214440339-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1214440339-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///D:/DocAlain/DocIndex.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
FF - ProfilePath - c:\documents and settings\Famille\Application Data\Mozilla\Firefox\Profiles\464b2mpn.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-newsecureapp70700 - c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe
MSConfigStartUp-newsecureapp70700 - c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-06 15:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-09-06 15:32:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 13:32
ComboFix2.txt 2010-09-05 19:03

Pre-Run: 5 973 860 352 bytes free
Post-Run: 6 115 491 840 bytes free

- - End Of File - - A2FDF10A1D08DB505073469FBFFF20C9
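The entries a helper on a thread like this reads first are the `uInternet Settings,ProxyServer = http=127.0.0.1:6522` line (every HTTP request from Internet Explorer is handed to a program on the machine itself, which is exactly the position from which search results can be rewritten), the autorun values whose target ComboFix reports as `[N/A]` or `[X]`, file names carrying whitespace before `.exe` so that they sort next to the legitimate binary, and the `AtNN.job` tasks that keep relaunching `PL7IJ2V2.com`. The script below is an added example, not part of the forum post and not ComboFix's own code: it parses a few log lines constructed from the reports in this thread and returns those four indicator classes. The sample log, the function names (`triage`, `parse_proxy`, `is_loopback`) and the result field names are this example's own.

```python
"""Triage helper for a ComboFix-style report (added example; the sample
below is constructed from entries quoted in the thread, not a real file)."""
import re
from ipaddress import ip_address

# Constructed sample in the shape of the report above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"="c:\windows\vmm32dll.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"rlpsdgsr"="c:\documents and settings\Famille\Local Settings\Application Data\spkxqtvrq\xujtfshshdw.exe" [N/A]
2010-09-04 c:\windows\Tasks\At49.job - c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 21:56]
"""

# "name"="command" [date size]  or  [N/A]  or  [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# Target binary inside a command line: everything up to the first .exe/.com/.dll
TARGET_RE = re.compile(r"^(?P<path>.*?\.(?:exe|com|dll))", re.IGNORECASE)
# Whitespace hidden just before the extension ("qttask .exe")
SPACED_RE = re.compile(r"\s\.(?:exe|com|dll)$", re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
# "YYYY-MM-DD <job path> - <target> [date]" as printed in the Scheduled Tasks section
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job) - (?P<target>.+?) \[", re.IGNORECASE)


def is_loopback(host):
    """True for localhost or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def parse_proxy(value):
    """Split 'http=127.0.0.1:6522;https=...' into (scheme, host, port) tuples."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is empty for a bare host:port
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        out.append((scheme or None, host, int(port) if port.isdigit() else None))
    return out


def triage(log_text):
    """Collect the four indicator classes from a ComboFix-style report."""
    found = {"loopback_proxies": [], "missing_targets": [], "spaced_names": [], "at_jobs": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            # Browser traffic routed through a process on this machine.
            found["loopback_proxies"] += [p for p in parse_proxy(m["value"]) if is_loopback(p[1])]
        elif m := RUN_RE.match(line):
            if m["info"] in ("X", "N/A"):
                # Autorun value whose target file ComboFix could not find or stat.
                found["missing_targets"].append(m["name"])
            if (t := TARGET_RE.match(m["cmd"])) and SPACED_RE.search(t["path"]):
                found["spaced_names"].append(t["path"])
        elif m := TASK_RE.match(line):
            job_name = m["job"].rsplit("\\", 1)[-1]
            if re.fullmatch(r"At\d+\.job", job_name, re.IGNORECASE):
                # AtNN.job tasks are the ones created with at.exe; they run as SYSTEM.
                found["at_jobs"].append((m["job"], m["target"]))
    return found


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

Run against a full report, the output is the short list to hand back to the poster: the proxy value to clear, the Run values and the `At*.job` files to remove, and the spaced file names that are only visible once whitespace is preserved (a web forum collapses it, which is why the report above shows the same `qttask .exe` line over and over).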
Google links redirected to advertising
Copro replied to a topic by Copro in Malware analysis and eradication
First of all, thank you for the attention and the help given to my problem! Here is the ComboFix report:

ComboFix 10-09-04.06 - Famille 05/09/2010 20:54:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.990.596 [GMT 2:00]
Running from: c:\documents and settings\Famille\Bureau\Copro.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\DDT0djaB.exe
c:\documents and settings\All Users\Application Data\PL7IJ2V2.exe
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\enemies-names.txt
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\local.ini
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\lsrslt.ini
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700.exe
c:\documents and settings\Famille\Local Settings\Application Data\rxtybytaw
c:\documents and settings\Famille\Local Settings\Application Data\rxtybytaw\xurnlfmshdw.exe
c:\documents and settings\Famille\Local Settings\Application Data\Windows Server
c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Famille_2\Local Settings\Application Data\PL7IJ2V2.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\PL7IJ2V2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\windows\aaikxrtshdw .exe
c:\windows\aaikxrtshdw.exe
c:\windows\aaypwbbshdw .exe
c:\windows\aaypwbbshdw.exe
c:\windows\atymtteshdw .exe
c:\windows\atymtteshdw.exe
c:\windows\dnorblishdw .exe
c:\windows\dnorblishdw.exe
c:\windows\fxwkvrkshdw .exe
c:\windows\nvsvc32.exe
c:\windows\rocghvqshdw .exe
c:\windows\rocghvqshdw.exe
c:\windows\system32\config\systemprofile\PL7IJ2V2.com
c:\windows\system32\scrrnfr.dll
c:\windows\ufelehsshdw.exe
c:\windows\unsfmkushdw .exe
c:\windows\unsfmkushdw.exe
c:\windows\Wsiruc.exe
c:\windows\xurnlfmshdw .exe
c:\windows\yeouyugshdw .exe
c:\windows\yeouyugshdw.exe
c:\windows\yexpalyshdw .exe
c:\windows\yexpalyshdw.exe

c:\program files\iTunes\iTunesHelper .exe ---^> c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\qttask .exe ---^> c:\program files\QuickTime\qttask.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS

((((((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 ))))))))))))))))))))))))))))))))))))
.
2010-09-04 14:00 . 2010-09-04 14:00 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-08-30 23:27 . 2010-08-30 23:27 16721 ----a-w- c:\windows\vmm32dll .exe
2010-08-30 01:26 . 2010-08-30 01:26 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2010-08-30 01:26 . 2010-08-30 01:26 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-08-30 01:22 . 2010-08-30 01:22 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-30 01:21 . 2010-06-24 12:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-30 01:21 . 2010-06-24 12:17 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-08-30 01:18 . 2010-08-30 01:18 86576 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-08-30 01:18 . 2010-08-30 01:18 392728 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-08-30 01:18 . 2010-08-30 01:18 132672 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-08-30 01:13 . 2010-08-30 01:13 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2010-08-29 17:41 . 2010-08-27 21:07 35860 ----a-w- c:\windows\system32\PL7IJ2V2.com
2010-08-29 15:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 15:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\mbvhgfblh
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\tnkigenks
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\tnkigenks
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\vaoignbse
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\xntigvnbq
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\xntigvnbq
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\aayifebjd
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\aayifebjd
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\faiifuaab
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\hmnifdnin
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\jasjflaqa
2010-08-27 21:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\jasjflaqa
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\elkkfjlog
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\elkkfjlog
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\hyokfryws
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\uxskfqxun
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\uxskfqxun
2010-08-27 21:06 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\rwolewwbg
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\iemhxfycv
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\iemhxfycv
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\krrixnlkh
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\krrixnlkh
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\oqbixflbg
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\oqbixflbg
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\dqeixdkyc
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\oddjxtwpl
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\vprjxsjov
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\apbkxjjft
2010-08-27 21:03 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\jbvlwgubv
2010-08-27 21:01 . 2010-09-03 14:01 -------- d-----w- c:\documents and settings\Famille_2\Application Data\pfbutnwfa
2010-08-27 21:01 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\pfbutnwfa
2010-08-27 21:01 . 2010-09-03 14:01 -------- d-----w- c:\documents and settings\Famille_2\Application Data\rsgvtvjnl
2010-08-27 21:01 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\rsgvtvjnl
2010-08-27 21:01 . 2010-09-03 15:22 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\tflvtewvx
2010-08-27 21:01 . 2010-09-03 15:22 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\vspvtmjek
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\obyvaphcf
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\obyvaphcf
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\rnevaxukr
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\rnevaxukr
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\xasvywhkc
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\xmuwylsxh
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\cmexycsof
2010-08-27 20:39 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\llxxykrwc
2010-08-27 20:35 . 2010-09-03 15:21 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\gsftsjtop
2010-08-27 20:35 . 2010-09-03 15:21 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\lsourbtfo
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\ppinhxnjw
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\ppinhxnjw
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\vcwohwaih
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\fcqohfaqe
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\fnrqgtlej
2010-08-27 20:18 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\hbwqgcxmu
2010-08-27 19:19 . 2010-09-03 15:22 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\uhoontlly
2010-08-27 18:41 . 2010-09-03 15:21 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\fpjqnujva
2010-08-27 18:41 . 2010-09-03 15:21 -------- d-----w- c:\documents and settings\Famille_2\Local Settings\Application Data\hcnqndwel
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\rseckpkms
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\rseckpkms
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\grhcjojlo
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\ifmdjwwta
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\ifmdjwwta
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\krrdjfjcm
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\mfvdjnvky
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\xrudjdiai
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\beadjmviu
2010-08-27 18:40 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\dqeejuiqg
2010-08-27 18:29 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\qpcdmgobr
2010-08-27 18:29 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\qpcdmgobr
2010-08-27 18:25 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\yvmyffprb
2010-08-27 18:25 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\yvmyffprb
2010-08-27 18:11 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\rxtybytaw
2010-08-27 18:11 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\tkyybhgij
2010-08-27 18:11 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\vxdybptqv
2010-08-27 18:11 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\vxdybptqv
2010-08-27 18:11 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\axnybgsht
2010-08-27 16:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\rbilbmalt
2010-08-27 16:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\warmbdycs
2010-08-27 16:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\unmlbumtg
2010-08-27 16:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Application Data\unmlbumtg
2010-08-27 16:07 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\ynwmblmkf
2010-08-27 13:35 . 2010-08-27 13:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-08-27 12:31 . 2010-08-29 15:29 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\spkxqtvrq
2010-08-27 07:15 . 2010-08-27 07:15 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-08-27 06:37 . 2010-08-27 06:36 194048 ----a-w- c:\windows\Wsirua.exe
2010-08-24 14:11 . 2010-08-24 14:11 0 ----a-w- c:\windows\nsreg.dat
2010-08-24 14:11 . 2010-08-24 14:11 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\Mozilla
2010-08-09 21:10 . 2010-08-09 21:10 503808 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\msvcp71.dll
2010-08-09 21:10 . 2010-08-09 21:10 499712 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\jmc.dll
2010-08-09 21:10 . 2010-08-09 21:10 348160 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fbdcc80-n\msvcr71.dll
2010-08-09 21:10 . 2010-08-09 21:10 61440 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2edcf6b6-n\decora-sse.dll
2010-08-09 21:10 . 2010-08-09 21:10 12800 ----a-w- c:\documents and settings\Famille_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2edcf6b6-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 18:58 . 2010-08-03 00:47 -------- d-----w- c:\program files\iTunes
2010-09-05 18:58 . 2009-09-29 08:14 -------- d-----w- c:\program files\QuickTime
2010-09-04 16:15 . 2010-04-02 08:25 1 ----a-w- c:\documents and settings\Famille_2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-04 14:29 . 2010-08-27 12:34 112 ----a-w- c:\documents and settings\All Users\Application Data\5fKjM15.dat
2010-09-04 13:46 . 2010-01-20 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 17:33 . 2010-07-27 19:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 01:36 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-30 01:36 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-29 17:13 . 2006-03-02 12:00 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-08-29 15:08 . 2008-09-05 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 21:08 . 2010-08-27 06:36 35880 ----a-w- c:\windows\debug .exe
2010-08-27 21:08 . 2010-08-27 06:36 35864 ----a-w- c:\windows\debug .exe
2010-08-27 21:07 . 2010-08-27 06:36 35856 ----a-w- c:\windows\debug .exe
2010-08-27 21:07 . 2010-08-27 06:36 35860 ----a-w- c:\windows\debug .exe
2010-08-27 21:07 . 2010-08-27 06:36 35864 ----a-w- c:\windows\debug .exe
2010-08-27 21:06 . 2010-08-27 06:36 35856 ----a-w- c:\windows\debug .exe
2010-08-27 21:03 . 2010-08-27 06:36 35852 ----a-w- c:\windows\debug .exe
2010-08-27 21:02 . 2010-08-27 06:36 35852 ----a-w- c:\windows\debug .exe
2010-08-27 20:39 . 2010-08-27 06:36 35856 ----a-w- c:\windows\debug .exe
2010-08-27 18:39 . 2010-08-27 06:36 35852 ----a-w- c:\windows\debug .exe
2010-08-27 18:11 . 2010-08-27 06:36 35852 ----a-w- c:\windows\debug .exe
2010-08-27 14:33 . 2010-08-27 06:36 35848 ----a-w- c:\windows\debug .exe
2010-08-27 12:29 . 2010-08-27 06:36 35844 ----a-w- c:\windows\debug.exe
2010-08-11 02:36 . 2009-11-19 18:22 -------- d-----w- c:\documents and settings\Famille\Application Data\Apple Computer
2010-08-05 02:16 . 2010-08-05 02:16 503808 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\msvcp71.dll
2010-08-05 02:16 . 2010-08-05 02:16 499712 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\jmc.dll
2010-08-05 02:16 . 2010-08-05 02:16 348160 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22890ab1-n\msvcr71.dll
2010-08-05 02:16 . 2010-08-05 02:16 61440 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33ee667a-n\decora-sse.dll
2010-08-05 02:16 . 2010-08-05 02:16 12800 ----a-w- c:\documents and settings\Famille\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33ee667a-n\decora-d3d.dll
2010-08-04 00:11 . 2007-10-19 17:19 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-08-03 23:20 . 2010-08-03 18:26 -------- d-----w- c:\program files\Canon
2010-08-03 23:19 . 2010-08-03 18:25 664 ----a-w- c:\documents and settings\Famille_2\Local Settings\Application Data\d3d9caps.tmp
2010-08-03 18:29 . 2010-08-03 18:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-03 18:28 . 2010-08-03 18:28 -------- d--h--w- c:\program files\CanonBJ
2010-08-03 01:27 . 2009-12-19 20:23 -------- d-----w- c:\documents and settings\Famille_2\Application Data\Apple Computer
2010-08-03 00:48 . 2010-08-03 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-03 00:47 . 2010-08-03 00:47 -------- d-----w- c:\program files\iPod
2010-08-03 00:47 . 2009-09-29 08:14 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-08-03 00:47 . 2010-08-03 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-03 00:45 . 2010-08-03 00:45 -------- d-----w- c:\program files\Apple Software Update
2010-08-03 00:45 . 2010-08-03 00:45 -------- d-----w- c:\program files\Bonjour
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-06-30 12:32 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:17 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:17 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2006-03-02 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-10-19 09:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Fichiers communs\Java\Java Update\jusched .exe
c:\program files\Fichiers communs\Real\Update_OB\realsched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\debug .exe
c:\windows\vmm32dll .exe

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"="c:\windows\vmm32dll.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [N/A]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"rlpsdgsr"="c:\documents and settings\Famille\Local Settings\Application Data\spkxqtvrq\xujtfshshdw.exe" [N/A]

c:\documents and settings\Famille\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-1-27 51984]
Microsoft Recherche accélérée.lnk - c:\program files\Microsoft Office\Office\Findfast.exe [1997-1-27 111376]
Reboot.exe [2004-10-1 334336]

[HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Antimalware Doctor.lnk]
path=c:\documents and settings\Famille\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brelwvcd]
c:\windows\fxwkvrkshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\djlbdqmw]
c:\windows\dnorblishdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumdohna]
c:\windows\unsfmkushdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxkaxyna]
c:\windows\aaikxrtshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epwowtld]
c:\windows\xurnlfmshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fycbuads]
c:\windows\atymtteshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hglkfubt]
c:\windows\ufelehsshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jlixqxot]
c:\windows\yeouyugshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klbarihk]
c:\windows\dfsouprshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis]
c:\windows\system32\sshnas21.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newsecureapp70700 .exe]
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newsecureapp70700 .exe]
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newsecureapp70700 .exe]
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newsecureapp70700.exe]
c:\documents and settings\Famille\Application Data\E96E5231DDBA03CBE4280AFE939079A2\newsecureapp70700.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppoeyjwq]
c:\windows\aaypwbbshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\unvxwqwf]
c:\windows\rocghvqshdw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XBV6RD5SZF]
c:\docume~1\Famille\LOCALS~1\Temp\Wbh.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xtetpmed]
c:\windows\yexpalyshdw.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 pesrw;pesrw; [x]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/11/2009 23:56 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\At49.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At50.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-05 c:\windows\Tasks\At51.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-05 c:\windows\Tasks\At52.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-05 c:\windows\Tasks\At53.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At54.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At55.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At56.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At57.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At58.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At59.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At61.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At63.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At65.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-02 c:\windows\Tasks\At67.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-08-31 c:\windows\Tasks\At69.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At71.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At73.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At75.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At79.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At82.job
- c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07]

2010-09-04 c:\windows\Tasks\At85.job -
c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07] 2010-09-04 c:\windows\Tasks\At88.job - c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07] 2010-09-04 c:\windows\Tasks\At91.job - c:\windows\system32\PL7IJ2V2.com [2010-08-29 21:07] 2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 21:56] 2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 21:56] 2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1214440339-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1214440339-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1214440339-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1214440339-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] . . ------- Examen supplémentaire ------- . 
uStart Page = file:///D:/DocAlain/DocIndex.htm uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 FF - ProfilePath - c:\documents and settings\Famille\Application Data\Mozilla\Firefox\Profiles\464b2mpn.default\ FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-klmdb.sys AddRemove-qacqw - c:\documents and settings\famille\local settings\application data\qacqw.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-05 20:58 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(496) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2148) c:\windows\system32\eappprxy.dll . 
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Heure de fin: 2010-09-05 21:03:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-05 19:03

Avant-CF: 4 329 127 936 octets libres
Après-CF: 6 109 798 400 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 3268E9F194ADB23B3553C1A3509D4933

Here is also the report from the latest scan run with MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4546

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05/09/2010 05:26:14
mbam-log-2010-09-05 (05-26-14).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 201706
Temps écoulé: 21 minute(s), 39 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Famille\Application Data\Sun\Java\Deployment\cache\6.0\16\1a3682d0-29fbf7ba (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille\Local Settings\Temp\0.7297748224103932.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille\Local Settings\Temp\Wbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille\Local Settings\Temp\_12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille\Local Settings\Temp\_13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille\Local Settings\Temp\_15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Application Data\Sun\Java\Deployment\cache\6.0\16\1a3682d0-1439604c (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\Wbi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\_11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\_12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\Wbf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\Wbg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Famille_2\Local Settings\Temp\Wbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Wsirub.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\pesrw.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Google links redirected to advertising
Copro posted a topic in Analyses et éradication malwares
Hello everyone,

My father's PC was infected a few days ago by Antimalware Doctor and then by Security Tool. I managed to fix the problem using Malwarebytes Anti-Malware. But since then, every link in a Google search is redirected to advertising. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:58, on 04/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\Findfast.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Famille\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/DocAlain/DocIndex.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [soawnercmx.tmp] "C:\DOCUME~1\Famille\LOCALS~1\Temp\soawnercmx.tmp"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vmm32dll] C:\WINDOWS\vmm32dll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\Findfast.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Reboot.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6261 bytes

Thanks in advance!