[RESOLU]Pc crash + Hithisjack

pear · le 16 juin 2010

Bonsoir,

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

driver::

GarenaPEngine

File::

c:\docume~1\Steven\LOCALS~1\Temp\ZNH2888.tmp

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Ensuite , vos commentaires, svp

Modifié le 16 juin 2010 par pear

Bprime · le 16 juin 2010

Ca me marque je j'ai l'antivirus Eset NOD32 en marche alors qu'il est pas installé sur mon ordinateur. Je dois quand même faire votre application ?

pear · le 17 juin 2010

oui.

Bprime · le 17 juin 2010

ComboFix 10-06-15.04 - Lastchance 17/06/2010 13:46:11.2.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1798 [GMT 2:00]

Lancé depuis: c:\documents and settings\Lastchance\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Lastchance\Bureau\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FILE ::

"c:\docume~1\Steven\LOCALS~1\Temp\ZNH2888.tmp"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GARENAPENGINE

-------\Service_GarenaPEngine

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-17 au 2010-06-17 ))))))))))))))))))))))))))))))))))))

.

2010-06-16 21:10 . 2010-06-16 21:10 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2010-06-16 17:40 . 2010-06-16 17:41 637499 ----a-w- c:\windows\P5K-ASUS-1103.zip

2010-06-16 17:34 . 2010-06-16 17:34 638845 ----a-w- c:\windows\P5K-1201.zip

2010-06-16 17:27 . 2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe

2010-06-16 16:14 . 2010-06-16 16:14 -------- d-----w- c:\program files\ASUS

2010-06-16 16:09 . 2006-08-01 15:02 49152 ------r- c:\windows\system32\ChCfg.exe

2010-06-16 16:07 . 2010-06-16 17:25 -------- d-----w- c:\program files\Realtek

2010-06-16 16:07 . 2010-06-16 16:07 315392 ----a-w- c:\windows\HideWin.exe

2010-06-16 16:07 . 2007-01-12 16:54 520192 ------r- c:\windows\RtlExUpd.dll

2010-06-16 16:05 . 2006-10-11 11:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

2010-06-16 12:35 . 2010-06-16 12:55 -------- d---a-w- C:\Navilog1

2010-06-16 12:35 . 2010-06-16 12:55 -------- d-----w- c:\program files\navilog1

2010-06-15 17:55 . 2010-06-15 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-06-15 17:43 . 2010-06-16 12:27 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys

2010-06-15 17:00 . 2010-06-15 17:00 -------- d-----w- c:\documents and settings\Lastchance\Application Data\Malwarebytes

2010-06-15 17:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-15 17:00 . 2010-06-15 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-15 17:00 . 2010-06-15 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-15 17:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-14 20:06 . 2010-06-14 20:06 -------- d-----w- C:\NVIDIA

2010-06-14 19:58 . 2010-06-14 20:14 -------- d-----w- c:\program files\ma-config.com

2010-06-14 19:58 . 2010-06-14 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-06-14 19:49 . 2010-06-14 19:49 29192 ----a-w- c:\documents and settings\Lastchance\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-14 14:32 . 2010-06-14 14:32 -------- d-----w- c:\program files\NortonInstaller

2010-06-13 15:56 . 2010-06-13 15:56 -------- d-----w- c:\documents and settings\Lastchance\Application Data\Yahoo!

2010-06-13 15:56 . 2010-06-13 15:56 -------- d-----w- c:\documents and settings\Lastchance\Local Settings\Application Data\Winamp Toolbar

2010-06-13 15:21 . 2010-06-16 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-06-13 15:21 . 2010-06-13 15:21 -------- d-----w- c:\program files\Alwil Software

2010-06-13 14:40 . 2010-06-13 14:40 -------- d-sh--w- c:\documents and settings\Lastchance\PrivacIE

2010-06-13 14:23 . 2010-06-13 14:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-06-13 14:15 . 2010-06-16 21:18 -------- d-----w- c:\documents and settings\Lastchance\Tracing

2010-06-13 14:10 . 2010-06-16 22:02 -------- d-----w- c:\documents and settings\Lastchance\Application Data\skypePM

2010-06-13 14:10 . 2010-06-13 14:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-06-13 14:10 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\Lastchance\Local Settings\Application Data\Google

2010-06-13 14:10 . 2010-06-13 14:12 -------- d-----w- c:\program files\Google

2010-06-13 14:10 . 2010-06-16 23:52 -------- d-----w- c:\documents and settings\Lastchance\Application Data\Skype

2010-06-02 17:48 . 2010-06-02 17:48 -------- d-----w- c:\documents and settings\Lastchance\Local Settings\Application Data\Mozilla

2010-06-02 17:47 . 2010-06-16 21:36 -------- d-----w- c:\documents and settings\Lastchance\Application Data\mIRC

2010-06-02 17:29 . 2010-06-02 17:29 503808 ----a-w- c:\documents and settings\Lastchance\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3658e3ec-n\msvcp71.dll

2010-06-02 17:29 . 2010-06-02 17:29 499712 ----a-w- c:\documents and settings\Lastchance\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3658e3ec-n\jmc.dll

2010-06-02 17:20 . 2010-06-02 17:22 -------- d-----r- c:\documents and settings\Lastchance\Favoris

2010-06-02 17:20 . 2010-06-16 21:48 -------- d-----r- c:\documents and settings\Lastchance\Mes documents

2010-06-02 17:20 . 2010-06-16 13:28 -------- d-----w- c:\documents and settings\Lastchance

2010-06-02 17:20 . 2008-09-17 13:42 -------- d--h--w- c:\documents and settings\Lastchance\Voisinage réseau

2010-06-02 17:20 . 2008-09-17 13:42 -------- d--h--w- c:\documents and settings\Lastchance\Voisinage d'impression

2010-06-02 17:20 . 2008-09-17 13:42 -------- d-----r- c:\documents and settings\Lastchance\Menu Démarrer

2010-06-02 17:20 . 2008-09-17 11:48 -------- d--h--w- c:\documents and settings\Lastchance\Modèles

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-17 11:53 . 2010-01-05 14:22 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-06-17 11:53 . 2010-01-05 14:16 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-06-16 21:47 . 2009-12-27 00:11 -------- d-----w- c:\program files\Heroes of Newerth

2010-06-16 21:18 . 2008-09-17 12:12 -------- d-----w- c:\program files\mIRC

2010-06-16 17:32 . 2008-09-18 21:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-14 14:31 . 2009-08-28 12:05 -------- d-----w- c:\program files\Procaster

2010-06-13 15:52 . 2009-09-06 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2010-06-13 15:14 . 2009-08-21 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-13 14:10 . 2009-11-05 02:11 -------- d-----r- c:\program files\Skype

2010-06-02 17:29 . 2010-06-02 17:29 348160 ----a-w- c:\documents and settings\Lastchance\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3658e3ec-n\msvcr71.dll

2010-05-13 14:30 . 2010-04-09 17:41 -------- d-----w- c:\documents and settings\hack\Application Data\mIRC

2010-05-13 14:26 . 2010-05-13 14:26 -------- d-----w- c:\documents and settings\hack\Application Data\Yahoo!

2010-04-08 17:31 . 2008-04-14 14:00 77278 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-08 17:31 . 2008-04-14 14:00 474734 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-02 14:54 . 2008-09-17 13:45 600680 ----a-w- c:\windows\system32\nvuninst.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_16.41.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-12-01 22:46 . 2006-12-01 22:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 22:26 . 2006-12-01 22:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-01 22:25 . 2006-12-01 22:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 20:56 . 2006-12-01 20:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2010-06-17 11:53 . 2010-06-17 11:53 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat

+ 2010-06-16 21:10 . 2010-06-16 21:10 83296 c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll

+ 2010-06-16 21:10 . 2010-06-16 21:10 73728 c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll

+ 2010-06-16 21:10 . 2010-06-16 21:10 27912 c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll

+ 2010-06-16 21:10 . 2010-06-16 21:10 42248 c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll

+ 2010-06-17 11:53 . 2009-10-07 00:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

+ 2010-06-16 21:47 . 2010-06-16 21:47 331264 c:\windows\Installer\1b3f6b.msi

+ 2006-12-01 22:25 . 2006-12-01 22:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-01 22:25 . 2006-12-01 22:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Launch LGDCore"="c:\program files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 0 (0x0)

"NoSMConfigurePrograms"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 0 (0x0)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\hacknbt\\counter-strike\\hl.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\hacknbt\\day of defeat\\hl.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\spaylz\\counter-strike\\hl.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\hacknbt\\ricochet\\hl.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\hacknbt\\condition zero\\hl.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\PPLive\\PPLive.exe"=

"c:\\Program Files\\Heroes of Newerth\\hon.exe"=

"c:\\Program Files\\Valve\\Steam\\Steam.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\bernardfraiture@hotmail.com\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\aliens vs predator demo\\AvP.exe"=

"c:\\Program Files\\mIRC\\backups\\mirc.exe"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6113:TCP"= 6113:TCP:Warcraft

"1935:TCP"= 1935:TCP:tudu

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7352:TCP"= 7352:TCP:Services

"7353:TCP"= 7353:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"3246:TCP"= 3246:TCP:Services

"2479:TCP"= 2479:TCP:Services

"8721:TCP"= 8721:TCP:Services

R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15/07/2007 04:37 27992]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [17/09/2008 15:38 36864]

S2 gupdate1cb0b022f04ccf8;Service Google Update (gupdate1cb0b022f04ccf8);c:\program files\Google\Update\GoogleUpdate.exe [13/06/2010 16:10 133104]

S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [15/06/2010 19:43 12552]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [10/06/2010 17:15 253808]

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [17/09/2008 14:04 31579]

.

Contenu du dossier 'Tâches planifiées'

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 14:10]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 14:10]

.

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

FF - ProfilePath - c:\documents and settings\Lastchance\Application Data\Mozilla\Firefox\Profiles\rdx9rf3v.default\

FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll

FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Root k it Detector and Remover

Rootkit scan 2010-06-17 13:53

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(5824)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSFR.DLL

c:\windows\system32\nvwddi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2010-06-17 13:56:28 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-06-17 11:56

ComboFix2.txt 2010-06-16 16:41

Avant-CF: 217 733 337 088 octets libres

Après-CF: 217 652 129 792 octets libres

- - End Of File - - F03DBE03115DCC517782EC4751FF9972

Mon gestionnaire périphériques est de retour.

Mon pc était brancher toute la journée , aucun soucis.

Un grand merci pour l'aide.

Modifié le 27 juin 2010 par Bprime

Connexion

Pas encore inscrit ?

[RESOLU]Pc crash + Hithisjack

Messages recommandés

pear

Bprime

pear

Bprime

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer