Problème [RESOLU]

[gorby1980]

Bonjour.

 

J'ai Windows XP comme système et Avira comme anti-virus.

 

Comme j'ai des problèmes, j'ai fait tourner ComboFix. Voici le rapport :

 

ComboFix 11-02-05.01 - Florian 06.02.2011 14:53:35.7.2 - x86

Lancé depuis: c:\documents and settings\Florian\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\~WRD1154.tmp

c:\documents and settings\Florian\Application Data\desktop.ini

c:\documents and settings\Florian\Application Data\igxpgd32.dat

c:\documents and settings\Florian\Application Data\inst.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\windows\daemon.dll

c:\windows\system32\tmp.reg

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SVCHOST32

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-06 au 2011-02-06 ))))))))))))))))))))))))))))))))))))

.

 

2011-02-06 13:48 . 2011-02-06 13:48 -------- dc----w- c:\documents and settings\Florian\Application Data\Avira

2011-02-06 13:44 . 2011-02-06 13:45 -------- d-----w- c:\windows\system32\NtmsData

2011-02-06 13:41 . 2010-12-06 07:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-06 13:41 . 2010-12-06 07:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-02-06 13:41 . 2010-06-17 13:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-02-06 13:41 . 2010-06-17 13:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-02-06 13:41 . 2011-02-06 13:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira

2011-02-06 13:41 . 2011-02-06 13:41 -------- d-----w- c:\program files\Avira

2011-02-06 13:27 . 2011-02-06 13:23 6360005 ----a-w- c:\program files\nvu-1.0-win32-installer-fr.exe

2011-02-06 11:02 . 2010-02-02 09:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-02-06 11:02 . 2010-02-02 09:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-02-06 11:02 . 2010-02-02 09:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-02-06 10:54 . 2011-02-06 13:33 -------- d-----w- c:\program files\Spyware Doctor

2011-02-06 10:54 . 2011-02-06 12:10 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-02-06 10:54 . 2011-02-06 12:10 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-02-06 10:38 . 2011-02-06 10:55 -------- dc----w- c:\documents and settings\Florian\Application Data\GetRightToGo

2011-02-05 19:14 . 2011-02-05 19:14 -------- dcsh--w- c:\documents and settings\Florian\UserData

2011-02-05 18:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-05 08:28 . 2011-02-05 08:49 -------- d-----w- c:\program files\RegTweaker

2011-02-04 23:38 . 2011-02-05 20:14 -------- d-----w- c:\program files\temp

2011-02-04 23:37 . 2011-02-06 14:04 -------- d-----w- c:\program files\wetlipcc

2011-02-03 15:42 . 2011-02-03 15:42 -------- dc----w- c:\documents and settings\Florian\Application Data\Cat Girl Alliance

2011-01-30 21:57 . 2011-01-30 21:57 -------- d-----w- c:\program files\Prima

2011-01-30 21:52 . 2011-01-30 21:52 -------- dc----w- c:\documents and settings\Florian\Application Data\DAEMON Tools Pro

2011-01-30 21:52 . 2011-01-30 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2011-01-30 17:55 . 2002-08-30 13:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe

2011-01-30 17:55 . 2002-08-30 13:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe

2011-01-30 17:55 . 2002-08-30 13:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll

2011-01-30 17:55 . 2002-08-30 13:00 6656 ----a-w- c:\windows\system32\c_is2022.dll

2011-01-30 15:51 . 2001-08-23 16:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2011-01-30 15:51 . 2001-08-23 16:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2011-01-30 15:51 . 2001-08-23 16:47 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2011-01-30 15:51 . 2001-08-23 16:47 8192 ----a-w- c:\windows\system32\kbdkor.dll

2011-01-30 15:51 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-01-30 15:51 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll

2011-01-30 15:51 . 2001-08-17 21:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2011-01-30 15:51 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll

2011-01-30 15:51 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2011-01-30 15:51 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

2011-01-30 15:51 . 2008-04-14 03:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2011-01-30 15:51 . 2008-04-14 03:31 6144 ----a-w- c:\windows\system32\kbd106.dll

2011-01-30 15:21 . 2011-01-30 19:12 -------- d-----w- c:\program files\ƒpƒNƒb‚¿‚Ⴄ‚¼!!

2011-01-12 17:01 . 2011-01-12 17:01 -------- d-----w- c:\documents and settings\Florian\Local Settings\Application Data\Help

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2007-08-11 08:36 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2006-03-02 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-06-28 08:14 . 2010-06-28 08:14 341907 ----a-w- c:\program files\RHosts.exe

2010-06-27 22:36 . 2010-06-27 22:36 6153352 ----a-w- c:\program files\mbam-setup.exe

2010-06-27 22:14 . 2010-06-27 22:14 1224471 ----a-w- c:\program files\UsbFix.exe

2010-06-27 07:44 . 2010-06-27 07:44 1940640 ----a-w- c:\program files\RegCureSetup_CB.exe

2010-05-07 20:22 . 2010-05-07 20:22 1535112 ----a-w- c:\program files\rcsetup137_slim.exe

2010-03-15 10:51 . 2010-03-15 10:50 2390808 ----a-w- c:\program files\mp3tagv246setup.exe

2010-01-08 22:15 . 2010-01-08 22:15 504320 ----a-w- c:\program files\daemon347.exe

2010-01-08 20:56 . 2010-01-08 20:55 5374528 ----a-w- c:\program files\isobuster_isobuster_2.6_francais_10024.exe

2009-11-28 15:16 . 2009-11-28 15:16 2161920 ----a-w- c:\program files\mp3tagv245asetup.exe

2009-11-24 09:00 . 2009-11-24 09:00 2147428 ----a-w- c:\program files\mp3tag_mp3tag_2.44_francais_12753.exe

2009-11-17 16:12 . 2009-11-17 16:12 220454 ----a-w- c:\program files\unlocker1.8.8.exe

2008-11-07 16:21 . 2008-11-07 16:21 2015356 -c--a-w- c:\program files\VirtualDub.exe

2008-07-19 12:13 . 2008-07-19 12:13 4782536 -c--a-w- c:\program files\daemon4300-lite.exe

2008-07-05 12:33 . 2008-07-05 12:33 10072368 -c--a-w- c:\program files\copytodvd4_setup-avangate_678.exe

2008-05-06 08:53 . 2008-05-06 08:53 35745976 -c--a-w- c:\program files\AVSVideoReMaker.exe

2008-02-26 12:39 . 2008-02-26 12:39 164993 -c--a-w- c:\program files\mp3DC202.exe

2008-01-18 09:23 . 2008-01-18 09:23 412199 -c--a-w- c:\program files\asftools310.exe

2008-01-01 16:30 . 2008-01-01 16:30 39262553 -c--a-w- c:\program files\WE55FraTrial.exe

2007-12-28 08:57 . 2007-12-28 08:57 15180000 -c--a-w- c:\program files\gimp-2.4.2-i686-setup.exe

2007-12-02 18:02 . 2007-12-02 18:02 19343592 -c--a-w- c:\program files\internet_video_converter_1.50_en_setup.exe

2007-11-10 08:21 . 2007-11-10 08:21 223388 -c--a-w- c:\program files\MXPie Patch v3.6.exe

2007-10-24 22:46 . 2007-10-24 22:46 734160 -c--a-w- c:\program files\VobSub_2.23.exe

2007-10-02 09:26 . 2007-10-02 09:26 513911 -c--a-w- c:\program files\ZyGoVideo2Win.exe

2007-10-02 08:52 . 2007-10-02 08:52 13856793 -c--a-w- c:\program files\quicktimealt176.exe

2007-08-14 22:03 . 2007-08-14 22:03 2007901 -c--a-w- c:\program files\CodecPackPl.exe

2007-08-14 06:59 . 2007-08-14 06:59 3294480 -c--a-w- c:\program files\DivXCodec.exe

2007-08-13 19:22 . 2007-08-13 19:22 823296 -c--a-w- c:\program files\winmx353.exe

2002-09-11 20:54 . 2008-01-01 16:08 1708852 -c--a-w- c:\program files\FPESETUP_wu.exe

2000-11-15 08:21 . 2007-12-03 17:07 267751 -c--a-w- c:\program files\hjsplit.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]

2010-12-12 08:56 242176 ------w- c:\program files\RegTweaker\key.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 68856]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-09-23 689016]

"Google Update"="c:\documents and settings\Florian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-26 136176]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 53248]

"S3Trayp"="S3trayp.exe" [2006-07-10 176128]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256]

"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-09 198160]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\wetlipcc\fklxspls.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-12-08 16:35 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-08-16 07:42 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-10-09 07:06 198160 ------w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\lxczcoms.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\WinMX\\WinMX.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\FileZilla Client\\filezilla.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port

"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port

"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port

"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port

"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port

"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port

"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port

"6699:TCP"= 6699:TCP:TCP-WinMx

"6257:UDP"= 6257:UDP:UDP-WinMx

 

R1 MpKsl6a12704a;MpKsl6a12704a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2199C634-5E85-4870-A4A3-1F96AA4D1C91}\MpKsl6a12704a.sys [x]

R1 MpKsl6df85491;MpKsl6df85491;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2199C634-5E85-4870-A4A3-1F96AA4D1C91}\MpKsl6df85491.sys [x]

R1 MpKslc1c357bc;MpKslc1c357bc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2199C634-5E85-4870-A4A3-1F96AA4D1C91}\MpKslc1c357bc.sys [x]

R1 tcuptzyx;tcuptzyx;c:\windows\system32\drivers\tcuptzyx.sys [x]

R3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2008-11-18 16640]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-12-20 251760]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]

R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]

S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]

S0 d347prt;d347prt;c:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-08 691696]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [2004-10-05 15872]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - SSMDRV

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contenu du dossier 'Tâches planifiées'

 

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-630328440-725345543-1004Core.job

- c:\documents and settings\Florian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-26 13:32]

 

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-630328440-725345543-1004UA.job

- c:\documents and settings\Florian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-26 13:32]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.teletext.ch/TSR1/100-00.html

uInternet Settings,ProxyServer = http=127.0.0.1:8992

uInternet Settings,ProxyOverride = <local>

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe

Trusted Zone: link.io\www

Trusted Zone: megaupload.com\www

FF - ProfilePath - c:\documents and settings\Florian\Application Data\Mozilla\Firefox\Profiles\tpv9lt36.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.teletext.ch/tsr1/100-00.html

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-Facemoi - c:\facemoi\facemoi.exe

HKLM-Run-Facemoi - c:\facemoi\facemoi.exe

AddRemove-eBay Icon - c:\documents and settings\Florian\Application Data\Desktopicon\uninst.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-06 15:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(2356)

c:\windows\system32\webcheck.dll

c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

c:\program files\Fichiers communs\Microsoft Shared\Web Components\10\1036\OWCI10.DLL

c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

c:\program files\Fichiers communs\Microsoft Shared\Web Components\11\1036\OWCI11.DLL

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\ImgUtil.dll

c:\windows\system32\pngfilt.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxczcoms.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\VTTimer.exe

c:\windows\system32\S3trayp.exe

c:\program files\Lexmark 1200 Series\lxczbmon.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Heure de fin: 2011-02-06 15:09:39 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-02-06 14:09

 

Avant-CF: 15'388'868'608 octets libres

Après-CF: 15'464'312'832 octets libres

 

- - End Of File - - B8D9DB6EE18F67F703A3A2843C195587

 

HELP !!!!!!!!!!!!!

Modifié le 7 février 2011 par gorby1980

[gorby1980]

Apparemment, c'est réglé.

[nardino]

Bonjour

Il serait aimable de faire partager ta solution.

C'est un peu le but des forums,non ?

@+

[Ratt]

Il suffit de ne pas lire que Zebulon ...tsss !! c'est régressant \o_ Rapport ComboFix concernant un ver - Le Forum de Génération Nouvelles Technologies

 

CFScript::

Folder::
c:\program files\wetlipcc
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-
[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"