problème de Modification du registre et gestionnaire de tache

[eva-chan]

heuu à cette page :

http://www.box.net/shared/8uc8quxaqi

[eva-chan]

alors heuu je peux avoir la suite s'il vous plait ? =)

[Falkra]

heuu à cette page :

http://www.box.net/shared/8uc8quxaqi

 

Comment es-tu arrivé(e) à cette page ?

 

Si tu veux le rétélécharger passe par là :

http://support.kaspersky.com/downloads/uti...alitykiller.zip

 

Par contre il faudra renommer l'exécutable en .com au lieu de .exe et coller le batch à côté.

 

--------------

 

Refais une passe combofix stp, il demandera à se mettre à jour, accepte.

[eva-chan]

heuu d'accord , mais heuu je comprends pas , faut pas le télécharger de cette page ? heuu je l'ai trouvé sur google !!

 

et heuu est ce que je dois le retélécharger ?ou c'est bon ?

Modifié le 12 avril 2010 par eva-chan

[Falkra]

On va voir, fais la passe combofix d'abord, ça donnera des indications.

[eva-chan]

voilà j'ai refait le scan de Combofix :

 

 

Nom de l'h“te: SWEET-57CB51F8B

Nom du systŠme d'exploitation: Microsoft Windows XP Professionnel

Version du systŠme: 5.1.2600 Service Pack 3 version 2600

Fabricant du systŠme d'exploitation: Microsoft Corporation

Configuration du systŠme d'exploitation: Station de travail autonome

Type de version du systŠme d'exploitation: Uniprocessor Free

Propri‚taire enregistr‚ÿ: SWEET

Organisation enregistr‚eÿ:

Identificateur de produit: 76413-640-7229107-23590

Date d'installation originale: 24/08/2009, 02:59:22

Dur‚e d'activit‚ systŠme: 0 jours, 2 heures, 15 minutes, 21 secondes

Fabricant du systŠme: Hewlett-Packard

ModŠle du systŠme: HP 510 Notebook PC (RU964AA#ABF)

Type du systŠme: X86-based PC

Processeur(s): 1 processeur(s) install‚(s).

[01]: x86 Family 6 Model 13 Stepping 8 GenuineIntel ~787 MHz

Version du BIOS: HP - 10070720

R‚pertoire Windows: C:\WINDOWS

R‚pertoire systŠme: C:\WINDOWS\system32

P‚riph‚rique d'amor‡age: \Device\HarddiskVolume1

Option r‚gionale du systŠme: fr;Fran‡ais (France)

ParamŠtres r‚gionaux d'entr‚eÿ: fr;Fran‡ais (France)

Fuseau horaire: N/D

M‚moire physique totale: 503 Mo

M‚moire physique disponible: 76 Mo

M‚moire virtuelle : taille maximale: 2ÿ048 Mo

M‚moire virtuelle : disponible: 1ÿ991 Mo

M‚moire virtuelle : en cours d'utilisation: 57 Mo

Emplacements des fichiers d'‚change: C:\pagefile.sys

Domaine: WORKGROUP

Serveur d'ouverture de session: \\SWEET-57CB51F8B

Correctif(s): 158 Corrections install‚es.

[01]: File 1

[02]: File 1

[03]: File 1

[04]: File 1

[05]: File 1

[06]: File 1

[07]: File 1

[08]: File 1

[09]: File 1

[10]: File 1

[11]: File 1

[12]: File 1

[13]: File 1

[14]: File 1

[15]: File 1

[16]: File 1

[17]: File 1

[18]: File 1

[19]: File 1

[20]: File 1

[21]: File 1

[22]: File 1

[23]: File 1

[24]: File 1

[25]: File 1

[26]: File 1

[27]: File 1

[28]: File 1

[29]: File 1

[30]: File 1

[31]: File 1

[32]: File 1

[33]: File 1

[34]: File 1

[35]: File 1

[36]: File 1

[37]: File 1

[38]: File 1

[39]: File 1

[40]: File 1

[41]: File 1

[42]: File 1

[43]: File 1

[44]: File 1

[45]: File 1

[46]: File 1

[47]: File 1

[48]: File 1

[49]: File 1

[50]: File 1

[51]: File 1

[52]: File 1

[53]: File 1

[54]: File 1

[55]: File 1

[56]: File 1

[57]: File 1

[58]: File 1

[59]: File 1

[60]: File 1

[61]: File 1

[62]: File 1

[63]: File 1

[64]: File 1

[65]: File 1

[66]: File 1

[67]: File 1

[68]: Q147222

[69]: KB887606 - Update

[70]: KB941833 - Update

[71]: WgaNotify - Update

[72]: IDNMitigationAPIs - Update

[73]: NLSDownlevelMapping - Update

[74]: KB928788

[75]: KB929399

[76]: KB929773

[77]: KB932390

[78]: KB933547

[79]: KB935551

[80]: KB935552

[81]: KB939209

[82]: KB939683

[83]: KB944882_WM11

[84]: KB945381_WM11

[85]: KB946665_WM11

[86]: KB950478_WM11

[87]: KB954067_WM11

[88]: KB954154_WM11

[89]: KB941569

[90]: ie7 - Update

[91]: KB889333-IE7 - Update

[92]: KB938127-IE7 - Update

[93]: KB953838-IE7 - Update

[94]: MSCompPackV1 - Update

[95]: KB898461 - Update

[96]: KB909520 - Update

[97]: KB917275 - Update

[98]: KB922120 - Update

[99]: KB932716 - Update

[100]: KB938464 - Update

[101]: KB940648 - Update

[102]: KB942213 - Update

[103]: KB942288 - Update

[104]: KB943326 - Update

[105]: KB943729 - Update

[106]: KB944043 - Update

[107]: KB944505 - Update

[108]: KB945015 - Update

[109]: KB946648 - Update

[110]: KB947100 - Update

[111]: KB947460 - Update

[112]: KB948046 - Update

[113]: KB948101 - Update

[114]: KB948720 - Update

[115]: KB949033 - Update

[116]: KB949127 - Update

[117]: KB949764 - Update

[118]: KB949900 - Update

[119]: KB950162 - Update

[120]: KB950312 - Update

[121]: KB950616 - Update

[122]: KB950762 - Update

[123]: KB950974 - Update

[124]: KB951066 - Update

[125]: KB951072 - Update

[126]: KB951126 - Update

[127]: KB951163 - Update

[128]: KB951376 - Update

[129]: KB951410 - Update

[130]: KB951531 - Update

[131]: KB951618 - Update

[132]: KB951624 - Update

[133]: KB951698 - Update

[134]: KB951709 - Update

[135]: KB951978 - Update

[136]: KB952020 - Update

[137]: KB952079 - Update

[138]: KB952206 - Update

[139]: KB952287 - Update

[140]: KB952954 - Update

[141]: KB953028 - Update

[142]: KB953323 - Update

[143]: KB953609 - Update

[144]: KB953761 - Update

[145]: KB953838 - Update

[146]: KB953839 - Update

[147]: KB954193 - Update

[148]: KB954232 - Update

[149]: KB954494 - Update

[150]: KB954708 - Update

[151]: KB955043 - Update

[152]: KB955109 - Update

[153]: KB955417 - Update

[154]: KB955535 - Update

[155]: KB955576 - Update

[156]: KB955843 - Update

[157]: KB955988 - Update

[158]: KB956072 - Update

Carte(s) r‚seau: 2 carte(s) r‚seau install‚e(s).

[01]: Intel® PRO/Wireless 2200BG Network Connection

Nom de la connexion : Connexion r‚seau sans fil

DHCP activ‚ : Oui

Serveur DHCP : 192.168.1.1

Adresse(s) IP

[01] : 192.168.1.4

[02]: Intel® PRO/100 VE Network Connection

Nom de la connexion : Connexion au r‚seau local

tat : Support d‚connect‚

12:35:43:125 1024 scanning threads ...

[Falkra]

Oups, Combofix, pas autre chose.

 

Combofix, c'est ça :

 

Télécharge la nouvelle version sur ton bureau depuis ce lien :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Ecrase l'ancien fichier avec le nouveau.

[eva-chan]

oui je l'ai fait avec un nouveau combofix XD

[Falkra]

Plus haut, ce n'est pas un rapport combofix ça.

 

Poste le contenu de c:\combofix.txt si tu as réutilisé combofix.

[eva-chan]

oui vous avez raison , je me suis trompée de fichier =)

voilà le rapport :

ComboFix 10-04-17.05 - Administrateur 18/04/2010 12:17:04.9.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.90 [GMT 2:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\PixArt\PAC207\Monitor.exe

 

c:\windows\system32\dbghlp.dll . . . est infecté!!

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ABP470N5

-------\Service_abp470n5

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-18 au 2010-04-18 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-09 11:10 . 2010-04-09 11:10 -------- d-----w- c:\program files\gPotato.eu

2010-04-09 10:20 . 2010-04-09 10:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Antispyware

2010-04-09 09:56 . 2010-04-09 09:56 -------- d--h--w- c:\windows\PIF

2010-04-04 14:14 . 2010-04-04 14:14 -------- d-----w- C:\_OTM

2010-04-02 14:01 . 2010-04-02 14:25 -------- d-----w- c:\documents and settings\Administrateur\DoctorWeb

2010-04-01 19:32 . 2010-04-01 19:40 -------- d-----w- c:\program files\Easimp3

2010-03-30 19:46 . 2010-03-30 20:00 -------- d-----w- c:\program files\Sprintbit Software

2010-03-30 19:46 . 2010-03-30 19:46 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-03-30 19:46 . 2010-03-30 19:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-03-30 19:45 . 2010-03-30 19:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Sprintbit Software

2010-03-30 18:57 . 2007-02-23 14:57 94208 ----a-w- c:\windows\system32\eSellerateControl365.dll

2010-03-30 18:57 . 2010-03-30 18:57 -------- d-----w- c:\program files\Dione Software Solutions

2010-03-28 14:32 . 2010-03-28 14:32 122120 ----a-w- C:\VirutKiller.com

2010-03-28 14:32 . 2010-03-28 14:32 54 ----a-w- C:\run.bat

2010-03-27 21:12 . 2010-03-27 21:14 -------- d-----w- C:\FyK

2010-03-27 21:00 . 2010-03-27 21:01 -------- d-----w- C:\rsit

2010-03-27 13:16 . 2010-03-27 13:16 -------- d-----w- c:\windows\Logs

2010-03-27 11:30 . 2010-04-10 12:01 -------- d-----w- c:\documents and settings\All Users\files system

2010-03-26 01:12 . 2010-03-27 14:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Vuze_Remote

2010-03-26 01:12 . 2010-03-26 01:12 -------- d-----w- c:\program files\Vuze_Remote

2010-03-25 21:29 . 2008-09-27 00:58 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-03-20 16:33 . 2010-03-20 16:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-03-20 16:30 . 2010-03-20 17:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Lite

2010-03-20 16:30 . 2010-03-20 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-03-19 18:47 . 2010-03-19 18:47 -------- d-----w- c:\program files\Total Uninstall 5

2010-03-19 18:46 . 2010-03-19 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau

2010-03-19 18:05 . 2010-03-19 18:05 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-03-19 17:59 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-03-19 17:58 . 2010-03-19 17:58 -------- d-----w- c:\program files\Panda Security

2010-03-19 12:01 . 2010-03-19 12:01 -------- d-----w- C:\$AVG

2010-03-19 12:00 . 2010-03-19 12:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-19 12:00 . 2010-03-19 12:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-19 11:59 . 2010-03-20 00:20 -------- d-----w- c:\windows\system32\drivers\Avg

2010-03-19 11:58 . 2010-03-19 11:58 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-03-19 11:58 . 2010-03-19 11:58 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-03-19 11:58 . 2010-03-19 11:58 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-19 11:58 . 2010-03-19 11:58 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-19 11:57 . 2010-03-19 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-19 11:20 . 2010-03-19 11:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-19 11:11 . 2010-03-19 16:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp

2010-03-19 11:11 . 2010-03-19 11:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-03-19 11:11 . 2010-03-19 17:47 -------- d-----w- c:\program files\Google

2010-03-19 11:11 . 2010-03-19 17:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-18 10:14 . 2008-04-14 12:00 73166 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-18 10:14 . 2008-04-14 12:00 464690 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-17 19:57 . 2010-02-01 19:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc

2010-04-17 19:56 . 2010-02-06 10:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss

2010-04-15 20:58 . 2010-03-04 18:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire

2010-04-07 20:13 . 2008-09-27 10:24 291328 ----a-w- c:\windows\system32\ctfmon.exe

2010-04-07 20:12 . 2009-08-24 02:40 233472 ----a-w- c:\windows\system32\hkcmd.exe

2010-04-07 20:12 . 2009-08-24 02:40 241664 ----a-w- c:\windows\system32\igfxtray.exe

2010-04-01 20:31 . 2010-04-01 20:31 -------- d-----w- c:\program files\Winamp Detect

2010-03-30 19:47 . 2010-01-18 20:43 62560 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-27 23:11 . 2010-03-04 18:58 -------- d-----w- c:\program files\Online_Sharing

2010-03-25 02:00 . 2010-03-18 10:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DMCache

2010-03-19 09:18 . 2010-03-19 08:43 -------- d-----w- c:\program files\CheckPoint

2010-03-19 09:16 . 2010-03-19 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles

2010-03-19 09:08 . 2010-03-19 09:08 -------- d-----w- c:\program files\CCleaner

2010-03-19 08:43 . 2010-03-19 08:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-03-17 13:37 . 2010-02-07 17:27 -------- d-----w- c:\program files\KaraFun

2010-03-16 12:49 . 2010-03-16 12:48 -------- d-----w- c:\program files\iTunes

2010-03-16 12:48 . 2010-03-16 12:48 -------- d-----w- c:\program files\iPod

2010-03-16 12:48 . 2010-01-20 19:18 -------- d-----w- c:\program files\Fichiers communs\Apple

2010-03-16 12:44 . 2010-01-20 19:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer

2010-03-16 12:36 . 2010-03-16 12:36 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-09 18:14 . 2010-01-31 19:33 -------- d-----w- c:\program files\Common Files

2010-03-09 11:33 . 2010-01-21 21:31 40592 ---ha-w- c:\windows\system32\mlfcache.dat

2010-03-05 10:36 . 2010-02-07 17:08 -------- d-----w- c:\program files\CyberLink

2010-03-05 10:32 . 2010-02-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2010-03-05 10:31 . 2010-01-22 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-05 10:29 . 2010-02-07 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

2010-03-05 10:29 . 2010-03-05 10:29 110592 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe

2010-03-05 08:51 . 2010-03-05 08:50 92160 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

2010-03-05 08:51 . 2010-03-05 08:50 92160 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

2010-03-05 08:51 . 2010-03-05 08:50 84480 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

2010-03-05 08:51 . 2010-03-05 08:50 339968 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpidl.exe

2010-03-05 08:51 . 2010-03-05 08:50 274432 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\updater.exe

2010-03-05 08:51 . 2010-03-05 08:50 237568 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

2010-03-05 08:51 . 2010-03-05 08:50 180224 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

2010-03-05 08:51 . 2010-03-05 08:50 155648 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

2010-03-05 08:51 . 2010-03-05 08:50 151552 ----a-w- c:\documents and settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

2010-03-04 19:21 . 2010-03-04 18:58 -------- d-----w- c:\program files\LimeWire Acceleration Patch

2010-02-19 21:18 . 2010-02-19 21:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-09 10:00 . 2010-02-09 10:00 119986 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\uninstall.exe

2010-02-07 19:25 . 2010-02-07 17:07 106496 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe

2010-02-07 15:01 . 2010-02-07 15:01 73728 ----a-w- c:\windows\unacev2.dll

2010-02-04 09:01 . 2010-03-27 13:18 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-02-04 09:01 . 2010-03-27 13:18 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-02-04 09:01 . 2010-03-27 13:18 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-02-04 09:01 . 2010-03-27 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\axfbootloader.dll

2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\npfbplugin_1_0_1.dll

2010-02-01 21:01 . 2009-08-24 00:57 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

.

 

------- Sigcheck -------

 

[-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

 

[-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll

 

[-] 2008-09-27 . B6BC3773B01BF85B880F56C198EEA90B . 3774464 . . [7.00.6000.20861] . . c:\windows\system32\mshtml.dll

 

[-] 2008-09-27 . 65A2D2BD594EB3E670CECFFEED75FB69 . 2331008 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe

 

[-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

 

[-] 2008-09-27 . 90B16FF3ACEC94B95BA95AA686442A47 . 879616 . . [7.00.6000.20861] . . c:\windows\system32\wininet.dll

 

[-] 2008-09-27 . BFBBBFE0913E6C9706F97598A6588B8F . 1573888 . . [6.00.2900.5634] . . c:\windows\explorer.exe

 

[-] 2010-04-07 . 06ED3807EE85FC5F7DF12DF5ACAF6A21 . 291328 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

 

[-] 2008-09-27 . A3CA2B158B645447964ADC84FA7E6EE6 . 2207872 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( SnapShot_2010-04-04_13.26.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-18 10:24 . 2010-04-18 10:24 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat

+ 2010-01-22 20:18 . 2008-09-26 23:58 58368 c:\windows\system32\vfwwdm32.dll

- 2010-01-22 20:18 . 2008-09-27 00:58 58368 c:\windows\system32\vfwwdm32.dll

+ 2008-04-14 12:00 . 2008-04-14 12:00 83968 c:\windows\system32\ssstars.scr

+ 2008-04-14 12:00 . 2008-04-14 12:00 94208 c:\windows\system32\regsvr32.exe

- 2008-04-14 12:00 . 2010-04-04 13:22 59866 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2010-04-18 10:14 59866 c:\windows\system32\perfc009.dat

+ 2010-04-04 17:48 . 2010-04-04 17:48 22016 c:\windows\Installer\4acbed.msi

+ 2010-04-04 17:48 . 2010-04-04 17:48 83456 c:\windows\Installer\4acbe8.msi

- 2010-01-18 21:06 . 2010-01-18 21:06 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe

+ 2010-04-04 17:49 . 2010-04-04 17:49 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe

+ 2010-01-20 09:47 . 2010-04-07 20:12 315392 c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

- 2010-01-20 09:47 . 2004-03-04 15:46 315392 c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

+ 2008-04-14 12:00 . 2010-04-18 10:14 397394 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2010-04-04 13:22 397394 c:\windows\system32\perfh009.dat

+ 2008-04-14 12:00 . 2008-04-14 12:00 503808 c:\windows\system32\ntvdm.exe

+ 2008-09-27 10:24 . 2008-09-27 10:24 473088 c:\windows\system32\cmd.exe

+ 2009-08-24 00:53 . 2008-09-27 10:24 187392 c:\windows\system32\calc.exe

+ 2010-01-22 20:17 . 2010-04-07 20:12 479232 c:\windows\PixArt\Pac7302\Monitor.exe

+ 2010-04-04 17:49 . 2010-04-04 17:49 816640 c:\windows\Installer\4acbf2.msi

+ 2008-09-27 10:25 . 2008-09-27 10:25 1591808 c:\windows\system32\mmc.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2009-12-30 5946000]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2010-04-07 291328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-04-07 241664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-04-07 233472]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2010-04-07 397312]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2010-04-07 315392]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-04-07 200704]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2009-11-10 417792]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2010-04-07 479232]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 292136]

"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-06-11 240736]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 259392]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Monitor.lnk - c:\program files\Hama\Hama Digital Software Suite\Media Card Companion\MCC Monitor.exe [2010-2-1 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-19 12:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]

path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Lotus QuickStart.lnk]

path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Lotus QuickStart.lnk

backup=c:\windows\pss\Lotus QuickStart.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Lotus SuiteStart 97.lnk]

path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Lotus SuiteStart 97.lnk

backup=c:\windows\pss\Lotus SuiteStart 97.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

"c:\\Program Files\\HP\\hpcoretech\\soln\\HPOSM.exe"=

"c:\\WINDOWS\\PixArt\\PAC7302\\Monitor.exe"=

"c:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Hama\\Hama Digital Software Suite\\Media Card Companion\\MCC Monitor.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\lotus\\smartctr\\suitest.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\CyberLink\\YouCam\\YouCamTray.exe"=

"c:\\lotus\\wordpro\\ltsstart.exe"=

"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=

"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\SyncServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

"c:\\Documents and Settings\\Administrateur\\Bureau\\ComboFix.exe"=

"c:\\Program Files\\Notepad++\\notepad++.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjfmnv.exe"=

 

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [19/03/2010 13:58 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [19/03/2010 13:58 161800]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/03/2010 19:59 28552]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [06/02/2010 19:21 149376]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/03/2010 13:58 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/03/2010 13:58 360584]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 19:31 616064]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/03/2010 18:33 691696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

2008-08-28 14:35 124928 ----a-w- c:\windows\system32\advpack.dll

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

ucustomizesearch = hxxp://www.google.com/ie

usearchassistant = hxxp://www.google.com/ie

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - plugin: c:\documents and settings\Administrateur\Application Data\Facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe

HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-18 12:25

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):42,bd,fb,3a,63,f6,e9,4b,71,f0,c9,3e,67,c5,99,7d,6d,ad,d8,8d,7b,

77,f6,3b,60,39,99,de,16,94,91,1e,6d,fe,e1,c7,7b,59,10,73,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c57df69a-8b20-48ae-bab5-5aad5cdc8f03}]

@Denied: (Full) (Everyone)

"Model"=dword:00000052

"Therad"=dword:00000007

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1720)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(2000)

c:\windows\system32\scecli.dll

c:\windows\system32\SETUPAPI.dll

 

- - - - - - - > 'explorer.exe'(2720)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\program files\WinMover\WinMover.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\hpcoretech\comp\hptskmgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\docume~1\ADMINI~1\LOCALS~1\Temp\winjfmnv.exe

.

**************************************************************************

.

Heure de fin: 2010-04-18 12:29:26 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-18 10:29

ComboFix2.txt 2010-04-04 16:36

ComboFix3.txt 2010-04-04 13:33

ComboFix4.txt 2010-03-28 13:25

ComboFix5.txt 2010-04-18 10:15

 

Avant-CF: 54 340 431 872 octets libres

Après-CF: 54 206 193 664 octets libres

 

- - End Of File - - B7B1190A50BABDC58E25E76A5A75F98B