lulu1323

Members
  • Content count: 2
  • Days won: 1

lulu1323 last won the day on 14 September 2010

lulu1323 had the most liked content!

Other information
  • My languages: French

lulu1323's Achievements: Junior Member (3/12)

Community reputation: 0

  1. Hello, three days ago I asked you for help and got no reply..... since then the virus has come back with all its constraints: my antivirus (Norton 2010) disabled, my Windows firewall disabled, eMule blocked, Windows updates blocked.... please, please, help me. I have redone a ComboFix; here is the report:

ComboFix 10-09-09.04 - lulucastagnette 10/09/2010 15:16:23.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.175 [GMT 2:00]
Lancé depuis: c:\documents and settings\lulucastagnette\Bureau\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
 * Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-10 au 2010-09-10 ))))))))))))))))))))))))))))))))))))
.
2010-09-05 10:50 . 2010-09-06 08:10 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Conduit
2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Conduit
2010-09-05 10:50 . 2010-09-06 08:11 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Softonic_France
2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Softonic_France
2010-09-04 11:18 . 2010-09-06 12:27 853 ----a-w- C:\FindyKill_Upload_Me_LULU-2FC8CMFJN9.zip
2010-09-04 10:05 . 2010-09-06 12:54 -------- d-----w- C:\FyK
2010-08-31 18:31 . 2010-09-04 08:30 -------- d-----w- c:\program files\Ad-Remover
2010-08-31 16:12 . 2010-08-31 16:12 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2010-08-30 16:20 . 2010-08-30 16:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Spyware Terminator
2010-08-30 09:18 . 2010-08-30 09:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-29 20:33 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 10:00 . 2010-09-09 08:40 -------- d-----w- c:\program files\WinClamAVShield
2010-08-28 21:52 . 2010-08-28 21:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Tific
2010-08-28 10:08 . 2010-08-28 10:08 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Sunbelt Software
2010-08-28 10:06 . 2010-08-28 10:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-28 10:05 . 2010-08-28 10:05 -------- d-----w- c:\program files\Lavasoft
2010-08-27 21:32 . 2010-08-27 21:32 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-27 21:32 . 2010-09-09 08:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Spyware Terminator
2010-08-27 21:32 . 2010-09-09 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-08-27 21:32 . 2010-09-09 08:56 -------- d-----w- c:\program files\Spyware Terminator
2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Malwarebytes
2010-08-27 20:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-27 20:52 . 2010-08-29 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 20:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 20:31 . 2010-09-07 19:31 -------- d-----w- c:\windows\BDOSCAN8
2010-08-21 17:16 . 2010-08-21 17:16 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-17 05:22 . 2010-08-17 05:22 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:52 . 2009-01-14 14:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 11:22 . 2009-01-14 15:49 -------- d-----w- c:\program files\eMule
2010-09-06 07:52 . 2001-09-28 12:00 94622 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-06 07:52 . 2001-09-28 12:00 535444 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-05 13:34 . 2010-03-13 17:43 -------- d-----w- c:\program files\Norton Utilities 14
2010-09-05 09:17 . 2009-01-14 11:23 -------- d-----w- c:\program files\Windows Live
2010-08-27 21:32 . 2010-08-27 21:32 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-08-27 21:32 . 2010-08-27 21:32 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-08-21 17:15 . 2009-01-14 15:55 -------- d-----w- c:\program files\Java
2010-08-15 20:44 . 2009-01-14 14:46 -------- d-----w- c:\program files\Google
2010-08-15 20:40 . 2009-03-16 14:50 -------- d-----w- c:\program files\Yahoo!
2010-08-15 20:38 . 2010-05-14 13:49 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\OfferBox
2010-08-15 07:04 . 2008-09-23 18:29 94208 -c--a-w- c:\windows\DUMP8963.tmp
2010-08-12 12:16 . 2010-08-28 10:06 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-06 07:45 . 2009-01-14 11:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\MSN6
2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcp71.dll
2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\jmc.dll
2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcr71.dll
2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-sse.dll
2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-d3d.dll
2010-07-17 03:00 . 2010-05-09 17:49 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:32 . 2001-09-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:17 . 2006-06-23 11:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:17 . 2010-04-15 09:21 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:17 . 2001-09-28 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2001-09-28 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-09-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-09-28 12:00 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-23 17:33 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:42 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-27 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"BuyObaB-Update"="c:\program files\ReducBarre\update.exe" [2010-03-07 532992]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-27 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\lulucastagnette\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-14 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
backupExtension=Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 06:00 188928 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GDI Manager]
2008-05-06 00:10 741376 ------w- c:\program files\MFP Server\App\Common\MFPAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-08-27 21:32 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-08-27 21:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MFP Server\\App\\Common\\MFPAgent.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [25/05/2010 08:46 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [25/05/2010 08:46 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 13:09 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [25/05/2010 08:46 501888]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27/08/2010 23:32 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [25/05/2010 08:46 116784]
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [08/09/2009 18:42 34944]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 08:45 126392]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [28/09/2001 14:00 5120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/08/2010 20:48 102448]
R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [23/09/2008 19:35 72192]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSXpx86.sys [10/09/2010 11:39 331640]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [24/09/2009 10:56 7936]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 18:13 1562096]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [08/09/2009 18:42 10240]
S2 gupdate1c9b472eaf50a6e;Service Google Update (gupdate1c9b472eaf50a6e);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2009 17:43 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14:15 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:15 15008]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 15:46 216232]
.
Contenu du dossier 'Tâches planifiées'

2010-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:07]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

2010-09-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{0DF3917A-FA90-4F87-A1CE-635EF589C0C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.foozir.com/
mStart Page = hxxp://www.foozir.com/
TCP: {91E4EF5D-E9B5-483A-9F75-B4A9F6CE5573} = 192.168.1.1
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-10 15:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3184)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-09-10 15:35:02
ComboFix-quarantined-files.txt 2010-09-10 13:34
ComboFix2.txt 2010-09-07 17:27

Avant-CF: 88 388 980 736 octets libres
Après-CF: 88 383 766 528 octets libres

- - End Of File - - 55B1024A466242D325134913907B7C9E

Edit by Thanos: I merged your two topics, lulu123
  2. Hello. I recently suffered an infection from a HOTMAIL virus where you had to click on a link (photo). I am a novice at computing. I went to the forums, which advised me to run a COMBOFIX scan, but I don't understand the report. Moreover, the tutorial I used for this program advises me to come to this site to have the report analysed and to remove the remnants of the infection. Thank you for helping me; here is the report:

ComboFix 10-09-06.04 - lulucastagnette 07/09/2010 18:44:37.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.419 [GMT 2:00]
Lancé depuis: c:\documents and settings\lulucastagnette\Bureau\ComboFix.exe
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\scrrnfr.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-07 au 2010-09-07 ))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:28 . 2010-09-06 15:28 -------- d-----w- c:\program files\AxBx
2010-09-06 14:34 . 2010-09-07 15:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-05 10:50 . 2010-09-06 08:10 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Conduit
2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Conduit
2010-09-05 10:50 . 2010-09-06 08:11 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Softonic_France
2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Softonic_France
2010-09-04 11:18 . 2010-09-06 12:27 853 ----a-w- C:\FindyKill_Upload_Me_LULU-2FC8CMFJN9.zip
2010-09-04 10:05 . 2010-09-06 12:54 -------- d-----w- C:\FyK
2010-08-31 18:31 . 2010-09-04 08:30 -------- d-----w- c:\program files\Ad-Remover
2010-08-31 16:12 . 2010-08-31 16:12 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2010-08-30 16:20 . 2010-08-30 16:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Spyware Terminator
2010-08-30 09:18 . 2010-08-30 09:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-29 20:33 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 10:00 . 2010-09-06 10:32 -------- d-----w- c:\program files\WinClamAVShield
2010-08-28 21:52 . 2010-08-28 21:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Tific
2010-08-28 10:08 . 2010-08-28 10:08 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Sunbelt Software
2010-08-28 10:06 . 2010-08-28 10:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-28 10:05 . 2010-08-28 10:05 -------- d-----w- c:\program files\Lavasoft
2010-08-27 21:32 . 2010-08-27 21:32 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-27 21:32 . 2010-09-04 09:32 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Spyware Terminator
2010-08-27 21:32 . 2010-09-06 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-08-27 21:32 . 2010-09-03 09:38 -------- d-----w- c:\program files\Spyware Terminator
2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Malwarebytes
2010-08-27 20:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-27 20:52 . 2010-08-29 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 20:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 20:31 . 2010-08-27 21:02 -------- d-----w- c:\windows\BDOSCAN8
2010-08-21 17:16 . 2010-08-21 17:16 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-17 05:22 . 2010-08-17 05:22 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 17:16 . 2009-01-14 14:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 07:52 . 2001-09-28 12:00 94622 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-06 07:52 . 2001-09-28 12:00 535444 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-05 13:34 . 2010-03-13 17:43 -------- d-----w- c:\program files\Norton Utilities 14
2010-09-05 09:17 . 2009-01-14 11:23 -------- d-----w- c:\program files\Windows Live
2010-08-27 21:32 . 2010-08-27 21:32 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-08-27 21:32 . 2010-08-27 21:32 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-08-21 17:15 . 2009-01-14 15:55 -------- d-----w- c:\program files\Java
2010-08-15 20:44 . 2009-01-14 14:46 -------- d-----w- c:\program files\Google
2010-08-15 20:40 . 2009-03-16 14:50 -------- d-----w- c:\program files\Yahoo!
2010-08-15 20:38 . 2010-05-14 13:49 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\OfferBox
2010-08-15 07:04 . 2008-09-23 18:29 94208 -c--a-w- c:\windows\DUMP8963.tmp
2010-08-12 12:16 . 2010-08-28 10:06 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-06 07:45 . 2009-01-14 11:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\MSN6
2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcp71.dll
2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\jmc.dll
2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcr71.dll
2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-sse.dll
2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-d3d.dll
2010-07-17 03:00 . 2010-05-09 17:49 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:32 . 2001-09-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:17 . 2006-06-23 11:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:17 . 2010-04-15 09:21 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:17 . 2001-09-28 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2001-09-28 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-09-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-09-28 12:00 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-23 17:33 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:42 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-27 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"BuyObaB-Update"="c:\program files\ReducBarre\update.exe" [2010-03-07 532992]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-07-26 3634568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\lulucastagnette\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-14 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
backupExtension=Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 06:00 188928 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GDI Manager]
2008-05-06 00:10 741376 ------w- c:\program files\MFP Server\App\Common\MFPAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-08-27 21:32 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-08-27 21:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MFP Server\\App\\Common\\MFPAgent.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [25/05/2010 08:46 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [25/05/2010 08:46 173104]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [06/09/2010 16:34 41816]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [06/09/2010 16:34 11776]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 13:09 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [25/05/2010 08:46 501888]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27/08/2010 23:32 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [25/05/2010 08:46 116784]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [06/09/2010 16:34 1935656]
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [08/09/2009 18:42 34944]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 08:45 126392]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [28/09/2001 14:00 5120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [06/09/2010 16:34 71008]
R3
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/08/2010 20:48 102448] R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [23/09/2008 19:35 72192] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100906.001\IDSXpx86.sys [07/09/2010 17:59 331640] R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [24/09/2009 10:56 7936] R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 18:13 1562096] R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [08/09/2009 18:42 10240] S2 gupdate1c9b472eaf50a6e;Service Google Update (gupdate1c9b472eaf50a6e);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2009 17:43 133104] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14:15 1355928] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:15 15008] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 15:46 216232] . Contenu du dossier 'Tâches planifiées' 2010-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:07] 2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42] 2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42] 2010-09-07 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] 2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{0DF3917A-FA90-4F87-A1CE-635EF589C0C4}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 16:36] . . 
------- Examen supplémentaire ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115 Trusted Zone: orange.fr\www . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-HijackThis - c:\documents and settings\lulucastagnette\Local Settings\Temporary Internet Files\Content.IE5\HLJ9IE4L\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-07 19:16 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD] "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00" -- [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD] "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00" . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Autres processus actifs ------------------------ . c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\system32\SearchIndexer.exe c:\windows\System32\msdtc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\windows\SOUNDMAN.EXE c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe c:\program files\Orange\Launcher\Launcher.exe . ************************************************************************** . 
Heure de fin: 2010-09-07 19:26:57 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-07 17:26 Avant-CF: 93 296 283 648 octets libres Après-CF: 93 300 899 840 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer /NoExecute=OptIn - - End Of File - - 42C1015C32E142E9F228799DE23D41EF