Thanks Jean,
so everything went fine,
and I had no problems with the internet connection after the restart.
First report:
ComboFix 09-10-07.05 - Administrateur 08/10/2009 13:04.1.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.2569 [GMT -5:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\dyazy.exe
AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Mes documents\cc_20090911_172913.reg
c:\documents and settings\Administrateur\Mes documents\registre 080809.reg
c:\documents and settings\Administrateur\Mes documents\registre 250709.reg
c:\recycler\S-1-5-21-1343024091-1935655697-725345543-500
c:\windows\Installer\12b2f4.msi
c:\windows\Installer\1b803.msi
c:\windows\Installer\2329c9.msi
c:\windows\Installer\24b32.msi
c:\windows\Installer\24b3a.msi
c:\windows\Installer\24b46.msi
c:\windows\Installer\35e27.msp
c:\windows\Installer\35e2f.msi
c:\windows\Installer\3e815.msi
c:\windows\Installer\4154c2.msp
c:\windows\Installer\501357.msi
c:\windows\Installer\feb91.msi
c:\windows\Installer\WMEncoder.msi
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-08 au 2009-10-08 ))))))))))))))))))))))))))))))))))))
.
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\windows\system32\AGEIA
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-07 21:54 . 2009-10-07 22:16 -------- d-----w- c:\program files\Ad-Remover
2009-10-06 19:06 . 2009-10-06 19:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 16:04 . 2009-10-02 16:04 -------- d-----w- c:\program files\Panda USB Vaccine
2009-09-30 21:46 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 21:45 . 2009-09-30 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 14:28 . 2009-09-23 14:29 -------- d-----w- c:\windows\system32\NtmsData
2009-09-19 08:01 . 2009-09-19 08:01 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-19 08:01 . 2009-09-19 08:01 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-19 08:01 . 2009-09-19 08:01 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-19 08:01 . 2009-09-19 08:01 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcod.dll
2009-09-19 08:01 . 2009-09-19 08:01 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-18 00:33 . 2009-09-19 08:01 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 00:26 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-18 00:26 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-18 00:26 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-18 00:17 . 2009-09-18 00:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\windows\system32\AGEIA(2)
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\program files\AGEIA Technologies(2)
2009-09-17 15:15 . 2009-09-17 15:15 3666293 ----a-w- c:\windows\LEGO Star Wars.SCR
2009-09-17 15:14 . 2009-09-17 15:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iScreensaver
2009-09-13 21:20 . 2009-10-07 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-12 01:40 . 2009-09-12 01:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Lucasarts
2009-09-11 22:28 . 2009-09-11 22:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-09-11 21:57 . 2009-09-11 21:57 -------- d-----w- c:\program files\Glary Utilities
2009-09-11 20:15 . 2009-09-11 20:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Logitech
2009-09-11 20:14 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-09-11 20:13 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-09-11 20:13 . 2009-07-20 17:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-09-11 20:13 . 2009-07-20 17:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-09-11 20:13 . 2009-07-20 17:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-09-11 20:13 . 2009-07-20 17:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-09-11 20:13 . 2009-09-11 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-11 19:57 . 2009-09-22 12:28 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-11 19:57 . 2009-09-22 12:28 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-11 19:57 . 2009-10-08 18:08 704544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-11 19:57 . 2009-10-08 18:08 13902368 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-11 19:57 . 2009-09-11 19:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-11 12:59 . 2009-09-11 12:59 -------- d-----w- c:\program files\LucasArts
2009-09-09 15:56 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 15:51 . 2009-09-13 00:41 -------- d-----w- C:\ToolBar SD
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 18:08 . 2009-09-11 19:57 4536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-08 18:08 . 2009-09-11 19:57 114932 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-08 18:07 . 2009-03-21 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WTablet
2009-10-08 12:28 . 2009-03-18 04:36 -------- d-----w- c:\program files\Steam
2009-10-08 12:26 . 2009-09-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-08 04:01 . 2009-09-06 16:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-10-08 00:03 . 2009-07-18 00:48 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-07 12:57 . 2009-03-19 02:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Delivery
2009-10-06 21:39 . 2009-08-08 20:46 -------- d-----w- c:\program files\Trend Micro
2009-10-06 02:27 . 2009-06-23 15:04 -------- d-----w- c:\program files\Free Music Zilla
2009-09-30 04:39 . 2009-03-19 04:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Corel
2009-09-30 04:26 . 2009-03-19 04:53 1264 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-29 14:08 . 2009-03-21 04:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-09-27 19:40 . 2009-05-22 01:15 -------- d-----w- c:\program files\Electronic Arts
2009-09-19 08:01 . 2009-03-18 02:16 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-19 08:01 . 2009-03-18 02:14 7653824 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-18 00:35 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-16 02:38 . 2009-09-16 02:38 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-09-16 02:38 . 2004-08-04 05:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-09-12 01:40 . 2009-03-18 20:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-11 22:04 . 2009-06-23 14:07 -------- d-----w- c:\program files\Foxit Software
2009-09-11 20:29 . 2009-09-08 15:27 -------- d-----w- c:\program files\CCleaner
2009-09-11 20:13 . 2009-07-25 22:23 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2009-09-11 20:13 . 2009-03-18 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 20:13 . 2009-03-18 05:01 -------- d-----w- c:\program files\Logitech
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-11 12:40 . 2001-08-24 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-11 12:40 . 2001-08-24 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-08 15:44 . 2009-03-18 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-08 15:36 . 2009-03-18 02:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 22:44 . 2009-07-24 03:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-02 19:03 . 2009-09-02 19:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-08-25 14:25 . 2009-08-25 14:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LEGO Company
2009-08-25 14:23 . 2009-08-25 14:23 -------- d-----w- c:\program files\LEGO Company
2009-08-25 14:10 . 2009-08-25 14:10 -------- d-----w- c:\program files\Unity
2009-08-22 18:11 . 2009-03-19 04:53 91928 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Microsoft
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Windows Live
2009-08-22 18:00 . 2009-08-22 18:00 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-22 17:58 . 2009-04-01 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 17:58 . 2009-08-22 17:58 -------- d-----w- c:\program files\Java
2009-08-22 17:42 . 2009-08-22 17:42 -------- d-----w- c:\program files\FileHippo.com
2009-08-22 00:57 . 2009-08-22 00:56 -------- d-----w- c:\program files\Analog Devices
2009-08-21 03:23 . 2009-03-18 04:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-21 03:23 . 2009-03-18 04:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-16 22:52 . 2009-08-16 22:52 -------- d-----w- c:\program files\directx
2009-08-14 22:27 . 2009-08-09 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-14 18:36 . 2009-08-14 18:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-07 00:24 . 2009-03-18 01:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-03-18 01:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-03-18 01:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-10-16 20:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-03-18 01:20 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-19 22:09 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-03-18 01:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-18 20:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-18 01:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2008-10-16 20:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:00 . 2004-08-19 22:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:11 . 2009-07-25 19:42 1724416 ----a-w- c:\documents and settings\cpuz_152\cpuz.exe
2009-07-17 19:03 . 2004-08-19 22:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:29 . 2009-07-25 02:54 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2009-07-14 04:43 . 2004-08-19 22:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[-] 2009-09-16 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-09-16 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"="c:\program files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [2007-06-21 1327104]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-09-11 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-19 13918208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-11 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\Free Music Zilla\FMZilla.exe"=
"c:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe"=
"c:\Program Files\Steam\steamapps\common\world in conflict\wic.exe"=
"c:\Program Files\Steam\steamapps\common\clutch\Clutch.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Steam\steamapps\common\star wars republic commando\GameData\System\SWRepublicCommando.exe"=
"c:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2sp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2mp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jasp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jamp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7317:TCP"= 7317:TCP:BitComet 7317 TCP
"7317:UDP"= 7317:UDP:BitComet 7317 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/09/2009 15:14 10384]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [03/01/2006 12:32 241731]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [20/03/2009 19:37 2749224]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [17/03/2009 20:36 547744]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [20/03/2009 19:37 15656]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’
2009-10-08 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-11 22:02]
2009-10-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2009-10-08 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-02 22:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.yahoo.fr…
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l76ovl05.default
FF - prefs.js: browser.startup.homepage - m.fr.yahoo.com…
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-08 13:09
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés …
Recherche d’éléments en démarrage automatique cachés …
Recherche de fichiers cachés …
Scan terminé avec succès
Fichiers cachés: 0
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,15,77,d0,c2,26,cb,4c,af,53,b1,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,15,77,d0,c2,26,cb,4c,af,53,b1,\
[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,44,3a,f5,b1,20,14,2e,8c,3c,59,e5,64,5e,73,8d,22,1e,62,a8,1d,c3,45,
48,da,fb,c7,79,7c,de,d8,ea,54,14,5b,df,9a,da,5a,e7,2c,bf,a6,11,54,64,c9,46,
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:28,9b,89,0e,19,bb,98,5e,85,a0,09,19,b1,1c,15,78,f6,03,b4,68,a5,
29,e8,06,8b,cc,76,8c,22,0c,ec,08,54,48,c9,51,9f,d6,25,9f,c8,25,83,23,66,ee,
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - 'winlogon.exe'(1632)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
- - - - - - - 'explorer.exe'(2748)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.
.
Heure de fin: 2009-10-08 13:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-08 18:12
Avant-CF: 594 244 587 520 octets libres
Après-CF: 594 101 399 552 octets libres
311 --- E O F --- 2009-09-11 13:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:03, on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\windows\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM…\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU…\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE…
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
--
End of file - 5210 bytes