[Résolu] impossible de lancer kaspersky

kolchok · le 16 février 2011

bonjour,

ComboFix 11-02-15.04 - kolchok 16/02/2011 12:24:32.1.4 - x64

Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.2750.1765 [GMT 1:00]

Lancé depuis: c:\users\kolchok\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\Desktop

c:\users\kolchok\AppData\Roaming\Local

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\Megamind.2010.FRENCH.DVDSCR.LD.REPACK.1CD.XviD-SERENiTY-UNDERGROUNDDDL.COM.avi.ddr

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)

c:\users\kolchok\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Megamind.2010.FRENCH.DVDSCR.LD.REPACK.1CD.XviD-SERENiTY-UNDERGROUNDDDL.COM.avi.ddp

c:\windows\system32\rockers.reg

c:\windows\SysWow64\rockers.reg

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-16 au 2011-02-16 ))))))))))))))))))))))))))))))))))))

.

2011-02-16 11:30 . 2011-02-16 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-16 02:05 . 2011-02-16 02:13 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-02-16 02:05 . 2011-02-16 02:05 -------- d-----w- c:\users\kolchok\AppData\Local\PunkBuster

2011-02-15 13:29 . 2011-02-15 13:29 -------- d-----w- c:\program files (x86)\SEAF

2011-02-14 20:32 . 2011-02-14 20:32 -------- d-----w- c:\users\kolchok\AppData\Roaming\Hi-Rez Studios

2011-02-14 20:32 . 2011-02-14 20:32 -------- d--h--w- c:\windows\msdownld.tmp

2011-02-14 20:32 . 2011-02-14 20:32 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP

2011-02-14 20:31 . 2011-02-14 20:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-02-14 04:50 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2011-02-13 20:05 . 2011-02-13 20:05 -------- d-----w- c:\program files (x86)\Ad-Remover

2011-02-13 07:27 . 2011-02-13 07:27 -------- d--h--r- c:\users\kolchok\AppData\Roaming\SecuROM

2011-02-13 04:11 . 2011-02-13 04:11 -------- d-sh--w- c:\programdata\DSS

2011-02-13 03:48 . 2011-02-13 03:51 -------- d-----w- c:\users\kolchok\AppData\Roaming\DAEMON Tools Lite

2011-02-13 03:48 . 2011-02-13 03:51 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-02-12 09:24 . 2011-02-12 09:24 -------- d-----w- c:\programdata\Steam

2011-02-12 09:24 . 2011-02-12 09:25 -------- d-----w- c:\programdata\PopCap Games

2011-02-09 02:01 . 2010-12-18 03:35 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-09 02:01 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-02-09 02:01 . 2010-12-18 03:39 1502208 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-09 02:01 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-02-08 23:45 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF044FD4-7991-4B48-85D4-200BCD6D3DE3}\mpengine.dll

2011-01-18 09:18 . 2011-02-14 08:38 -------- d-----w- c:\users\kolchok\AppData\Roaming\DivX

2011-01-18 09:18 . 2011-01-18 09:18 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-01-18 09:18 . 2011-01-18 09:18 -------- d-----w- c:\program files\DivX

2011-01-18 09:17 . 2011-01-18 09:18 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-30 10:59 . 2011-01-11 11:01 2690280 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2010-12-30 00:35 . 2010-10-05 20:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-12-29 13:30 . 2011-01-11 11:01 2828904 ----a-w- c:\windows\system32\RtkAPO64.dll

2010-12-28 14:51 . 2011-01-11 11:01 608768 ----a-w- c:\windows\system32\RCoRes64.dat

2010-12-22 10:28 . 2011-01-11 11:01 2328168 ----a-w- c:\windows\system32\RtPgEx64.dll

2010-12-20 17:08 . 2010-11-14 18:03 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-14 02:12 . 2010-12-14 02:13 521448 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-29 17:47 . 2011-01-11 11:01 2578576 ----a-w- c:\windows\system32\WavesGUILib.dll

2010-11-29 17:47 . 2011-01-11 11:01 1868944 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll

2010-11-23 17:45 . 2011-01-11 11:01 1247848 ----a-w- c:\windows\system32\RTCOM64.dll

2010-11-22 10:39 . 2011-01-11 11:01 626792 ----a-w- c:\windows\system32\RtkApi64.dll

.

------- Sigcheck -------

[-] 2010-10-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[-] 2010-10-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll

[-] 2010-10-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[-] 2010-10-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-5 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1255736]

S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]

S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-07-23 52736]

.

Contenu du dossier 'Tâches planifiées'

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 20:51]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\kolchok\AppData\Roaming\Mozilla\Firefox\Profiles\je2z1rt4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

.

- - - - ORPHELINS SUPPRIMES - - - -

Notify-klogon - (no file)

Notify-LBTWlgn - (no file)

AddRemove-installer - c:\program files (x86)\Installer\un_installer_21627.exe

AddRemove-Magelo Sync - c:\program files (x86)\Magelo\Magelo Sync\UnInstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1832532766-817392245-452576883-1000\Software\SecuROM\License information*]

"datasecu"=hex:e2,35,9d,5a,62,2a,75,4c,38,87,7b,de,c9,7e,57,b4,44,85,a9,2a,ac,

60,8a,42,81,70,d8,7f,08,cc,5b,05,e0,54,73,e4,f4,d9,77,37,50,84,84,52,bd,c8,\

"rkeysecu"=hex:c2,af,b8,dc,a2,ec,ac,41,f0,cd,ed,17,ee,98,77,f4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\Logitech\SetPoint\x86\SetPoint32.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

.

**************************************************************************

.

Heure de fin: 2011-02-16 12:38:38 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-02-16 11:38

Avant-CF: 374 985 760 768 octets libres

Après-CF: 374 742 278 144 octets libres

- - End Of File - - 654941B1AFEDE1CE408A8031A8218979

Modifié le 16 février 2011 par kolchok

pear · le 16 février 2011

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

Driver::

"Bonjour Service"

gupdate

File::

c:\Program Files\\Bonjour\\mDNSResponder.exe

c:\program files\Google\Update\GoogleUpdate.exe

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Fcopy::

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\System32\user32.dll

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

Ouvrez Combofix

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[/color]

kolchok · le 17 février 2011

bonsoir, voila le rapport de combofix

ComboFix 11-02-15.04 - kolchok 17/02/2011 20:03:55.2.4 - x64

Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.2750.2029 [GMT 1:00]

Lancé depuis: c:\users\kolchok\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\kolchok\Desktop\CFScript.txt.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\program files\\Bonjour\\mDNSResponder.exe"

"c:\program files\Google\Update\GoogleUpdate.exe"

"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

.

--------------- FCopy ---------------

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\System32\user32.dll

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_gupdate

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-17 au 2011-02-17 ))))))))))))))))))))))))))))))))))))

.

2011-02-17 19:10 . 2011-02-17 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-16 23:10 . 2011-02-17 03:27 -------- d-----w- c:\program files (x86)\EA GAMES

2011-02-16 23:09 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-02-16 23:09 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-02-16 23:09 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-02-16 23:09 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-02-16 23:09 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2011-02-16 23:09 . 2011-02-16 23:09 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-02-16 23:09 . 2011-02-16 23:09 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2011-02-16 02:05 . 2011-02-17 17:18 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-02-16 02:05 . 2011-02-17 04:00 -------- d-----w- c:\users\kolchok\AppData\Local\PunkBuster

2011-02-15 20:58 . 2011-02-15 20:58 -------- d-----w- c:\users\kolchok\AppData\Local\Electronic Arts