navigateur711
Everything posted by navigateur711

  1. Good evening Bernard53, I think the virus is eradicated, but I can no longer go to sites like Microsoft... ??? Lionel
  2. Good evening, Here are the results of the OTL scan. Click here. Click here. Thanks Lionel
  3. Good evening Bernard53, Here is the report (ComboFix log, pasted in the original post):
  4. Hello Bernard53, I am at work this morning; as soon as I get home tonight I will follow your instructions, fingers crossed that it works. Thank you for taking an interest in my problem. Regards Lionel
  5. Hello, My computer is infected with Ramnit.V. No way to get rid of it... I installed ComboFix, followed the instructions and produced a report, which I attach to my call for help. Thanks in advance for your help.. Lionel (ComboFix log pasted in the original post)