Very urgent please ... thanks in advance
-
- Novice
- Posts: 47
- Joined: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: Very urgent please ... thanks in advance
So, I did not see the blue window, just a window that asked me whether or not to run when I dragged the CFScript onto ComboFix; then I went straight to look for C:\ComboFix.txt and made a HijackThis report, and what is above is what was displayed in the Notepad report.
- bernard53
- Support
- Posts: 3516
- Joined: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo CPU E6750 2.66GHz processor
3 GB RAM
Samsung 160 GB hard drive
Re: Very urgent please ... thanks in advance
Post the new ComboFix report for me first.
Enjoy your visit to: http://tuto-b.comli.com/
-
- Novice
- Posts: 47
- Joined: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: Very urgent please ... thanks in advance
File::
c:\windows\System32\c00E0F4E.mat
c:\windows\System32\c00CEE83.mat
c:\windows\System32\c00CAED2.mat
c:\windows\System32\c00C9BAA.mat
c:\windows\System32\c00A967F.mat
c:\windows\System32\c00A1836.mat
c:\windows\System32\c0074E99.mat
c:\windows\System32\c0061BA2.mat
c:\windows\System32\c004DA21.mat
c:\windows\System32\c002147A.mat
c:\windows\System32\c001A0AE.mat
c:\windows\System32\c00EE8CE.mat
c:\windows\System32\c0052EE2.mat
c:\programdata\gvudklsh
c:\programdata\chkgenapl
c:\users\Public\hotbar.exe
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c0074E99.mat
c:\windows\system32\c00A967F.mat
c:\windows\system32\c004DA21.mat
c:\windows\system32\c001A0AE.mat
c:\windows\system32\c00E0F4E.mat
c:\windows\system32\c0061BA2.mat
c:\windows\system32\c00CAED2.mat
c:\windows\system32\c002147A.mat
c:\windows\system32\c00CEE83.mat
c:\windows\system32\c00A1836.mat
c:\windows\system32\c00C9BAA.mat
c:\windows\system32\c00F7FF3.mat
c:\windows\system32\c008AEBC.mat
c:\windows\system32\c008283E.mat
c:\windows\system32\c00CCB10.mat
c:\windows\system32\c00E7BDD.mat
c:\windows\system32\c007F6B3.mat
c:\windows\system32\c0090E22.mat
c:\windows\system32\c008501C.mat
c:\windows\system32\c008A18.mat
c:\windows\system32\c0032638.mat
c:\windows\system32\c008128A.mat
c:\windows\system32\c007D331.mat
c:\windows\system32\c0028D04.mat
c:\windows\system32\c00D4B01.mat
c:\windows\system32\c001121E.mat
c:\windows\system32\c004C25A.mat
c:\windows\system32\c00CA190.mat
c:\windows\system32\c0098251.mat
c:\windows\system32\c0049628.mat
c:\windows\system32\c00C42C7.mat
c:\windows\system32\c00AD432.mat
c:\windows\system32\c002B97E.mat
c:\windows\system32\c00DE3D6.mat
c:\windows\system32\c0049A72.mat
c:\windows\system32\c00F05B3.mat
c:\windows\system32\c005BA19.mat
c:\windows\system32\c00A09E0.mat
c:\windows\system32\c0010BD4.mat
c:\windows\system32\c00FB29C.mat
c:\windows\system32\c00CB2F9.mat
c:\windows\system32\c0082532.mat
c:\windows\system32\c00301F4.mat
c:\windows\system32\c0064A9.mat
c:\windows\system32\c0016368.mat
c:\windows\system32\c002104.mat
c:\windows\system32\c00D3910.mat
c:\windows\system32\c00848ED.mat
c:\windows\system32\c001B466.mat
c:\windows\system32\c006A534.mat
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c00ADB6B.mat
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c00148FE"=-
"c0082240"=-
"c00A6900"=-
"c0059A4A"=-
"c0081AA0"=-
"c00CB729"=-
"c0034D1"=-
"c00E52AA"=-
"c00D14C4"=-
"c00D4C8E"=-
"c00BEB10"=-
"c00A2690"=-
"c0099DD8"=-
"c004772B"=-
"c00EC346"=-
"c005F81E"=-
"c00A8BE9"=-
"c003549C"=-
"c00B156A"=-
"c0076E64"=-
"c0056690"=-
"c007D70"=-
"c0040B99"=-
"c00CA368"=-
"c00992C9"=-
"c0018157"=-
"c0065844"=-
"c009F6E4"=-
"c00E07F8"=-
"c00DC9C3"=-
"c006A3F8"=-
"c00F07C9"=-
"c00CB411"=-
"c005E0F4"=-
"c0039AA8"=-
"c00C68E2"=-
"c0068E3E"=-
"c0028CF1"=-
"c003095E"=-
"c008C650"=-
"c00F5900"=-
"c009B621"=-
"c00E4AB9"=-
"c0012D87"=-
"c0049B2"=-
"c0088490"=-
"c00D62D2"=-
"c001F6C0"=-
"c0036694"=-
"c0059853"=-
"c008CF04"=-
"c00DA4AC"=-
"c00237D8"=-
"c00CC689"=-
"c00281EE"=-
"c00E9624"=-
"c001676B"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Folders::
c:\programdata\gvudklsh
c:\programdata\chkgenapl
-
- Novice
- Posts: 47
- Joined: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: Very urgent please ... thanks in advance
ComboFix 08-11-22.02 - KOCHETSIAN 2008-11-23 17:41:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.455 [GMT 1:00]
Lancé depuis: c:\users\KOCHETSIAN\Desktop\ComboFix..exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\PlayMP3z
c:\program files\PlayMP3z\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00E0F4E.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CEE83.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CAED2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00C9BAA.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A967F.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A1836.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0074E99.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0061BA2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c004DA21.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c002147A.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c001A0AE.mat
2008-11-23 17:26 . 2008-11-23 17:26 21,152 --ahs---- c:\windows\System32\c00EE8CE.mat
2008-11-23 17:24 . 2008-11-23 17:24 21,152 --ahs---- c:\windows\System32\c0052EE2.mat
2008-11-23 16:09 . 2008-11-23 16:09 <REP> d-------- c:\program files\Trend Micro
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\programdata\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:54 <REP> d-------- c:\program files\Lavasoft
2008-11-23 13:39 . 2008-11-23 13:39 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 13:11 . 2008-11-23 15:39 <REP> d--h----- C:\$AVG8.VAULT$
2008-11-23 13:09 . 2008-11-23 13:09 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-23 13:09 . 2008-11-23 13:09 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-23 13:08 . 2008-11-23 13:11 <REP> d-------- c:\windows\System32\drivers\Avg
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\users\All Users\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\programdata\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\program files\AVG
2008-11-23 13:08 . 2008-11-23 13:08 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-14 09:58 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 09:58 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 09:58 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 09:58 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 09:57 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 09:57 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 09:57 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 09:57 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 09:57 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 00:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-13 00:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-13 00:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 00:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-13 00:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\users\All Users\hps
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\programdata\hps
2008-11-01 10:48 . 2008-11-01 10:48 <REP> d-------- c:\program files\SNAPFISH
2008-10-30 18:06 . 2008-08-06 04:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-10-30 18:06 . 2008-08-06 04:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-10-30 18:06 . 2008-08-06 04:27 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-10-30 18:06 . 2008-08-06 04:26 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-30 18:06 . 2008-08-06 04:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-10-30 18:06 . 2008-08-06 04:26 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-30 18:06 . 2008-08-06 04:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-10-30 18:06 . 2008-08-06 04:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-30 18:05 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-30 18:05 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 16:50 --------- d-----w c:\program files\Lx_cats
2008-11-23 12:47 --------- d-----w c:\program files\Norton Internet Security
2008-11-23 12:16 --------- d-----w c:\programdata\gvudklsh
2008-11-23 12:15 --------- d-----w c:\programdata\Symantec
2008-11-23 12:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 22:32 --------- d-----w c:\users\KOCHETSIAN\AppData\Roaming\LimeWire
2008-11-17 10:24 --------- d-----w c:\programdata\Microsoft Help
2008-10-21 16:34 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 08:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-21 08:27 --------- d-----w c:\programdata\NOS
2008-10-21 08:25 --------- d-----w c:\program files\Google
2008-10-21 08:24 --------- d-----w c:\program files\NOS
2008-10-21 07:39 --------- d-----w c:\programdata\chkgenapl
2008-10-16 01:09 --------- d-----w c:\program files\Windows Mail
2008-10-14 19:40 --------- d-----w c:\program files\Sun
2008-10-14 19:39 --------- d-----w c:\program files\Java
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-09-26 12:18 --------- d-----w c:\programdata\WLInstaller
2008-09-04 10:14 3,310,392 ----a-w c:\users\Public\hotbar.exe
2008-07-09 15:53 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-21 171448]
"c00148FE"="c:\users\KOCHETSIAN\AppData\Roaming\c00148FE.mat" [2008-11-23 21152]
"c0082240"="c:\users\KOCHETSIAN\AppData\Roaming\c0082240.mat" [2008-11-23 21152]
"c00A6900"="c:\users\KOCHETSIAN\AppData\Roaming\c00A6900.mat" [2008-11-23 21152]
"c0059A4A"="c:\users\KOCHETSIAN\AppData\Roaming\c0059A4A.mat" [2008-11-23 21152]
"c0081AA0"="c:\users\KOCHETSIAN\AppData\Roaming\c0081AA0.mat" [2008-11-23 21152]
"c00CB729"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB729.mat" [2008-11-23 21152]
"c0034D1"="c:\users\KOCHETSIAN\AppData\Roaming\c0034D1.mat" [2008-11-23 21152]
"c00E52AA"="c:\users\KOCHETSIAN\AppData\Roaming\c00E52AA.mat" [2008-11-23 21152]
"c00D14C4"="c:\users\KOCHETSIAN\AppData\Roaming\c00D14C4.mat" [2008-11-23 21152]
"c00D4C8E"="c:\users\KOCHETSIAN\AppData\Roaming\c00D4C8E.mat" [2008-11-23 21152]
"c00BEB10"="c:\users\KOCHETSIAN\AppData\Roaming\c00BEB10.mat" [2008-11-23 21152]
"c00A2690"="c:\users\KOCHETSIAN\AppData\Roaming\c00A2690.mat" [2008-11-23 21152]
"c0099DD8"="c:\users\KOCHETSIAN\AppData\Roaming\c0099DD8.mat" [2008-11-23 21152]
"c004772B"="c:\users\KOCHETSIAN\AppData\Roaming\c004772B.mat" [2008-11-23 21152]
"c00EC346"="c:\users\KOCHETSIAN\AppData\Roaming\c00EC346.mat" [2008-11-23 21152]
"c005F81E"="c:\users\KOCHETSIAN\AppData\Roaming\c005F81E.mat" [2008-11-23 21152]
"c00A8BE9"="c:\users\KOCHETSIAN\AppData\Roaming\c00A8BE9.mat" [2008-11-23 21152]
"c003549C"="c:\users\KOCHETSIAN\AppData\Roaming\c003549C.mat" [2008-11-23 21152]
"c00B156A"="c:\users\KOCHETSIAN\AppData\Roaming\c00B156A.mat" [2008-11-23 21152]
"c0076E64"="c:\users\KOCHETSIAN\AppData\Roaming\c0076E64.mat" [2008-11-23 21152]
"c0056690"="c:\users\KOCHETSIAN\AppData\Roaming\c0056690.mat" [2008-11-23 21152]
"c007D70"="c:\users\KOCHETSIAN\AppData\Roaming\c007D70.mat" [2008-11-23 21152]
"c0040B99"="c:\users\KOCHETSIAN\AppData\Roaming\c0040B99.mat" [2008-11-23 21152]
"c00CA368"="c:\users\KOCHETSIAN\AppData\Roaming\c00CA368.mat" [2008-11-23 21152]
"c00992C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00992C9.mat" [2008-11-23 21152]
"c0018157"="c:\users\KOCHETSIAN\AppData\Roaming\c0018157.mat" [2008-11-23 21152]
"c0065844"="c:\users\KOCHETSIAN\AppData\Roaming\c0065844.mat" [2008-11-23 21152]
"c009F6E4"="c:\users\KOCHETSIAN\AppData\Roaming\c009F6E4.mat" [2008-11-23 21152]
"c00E07F8"="c:\users\KOCHETSIAN\AppData\Roaming\c00E07F8.mat" [2008-11-23 21152]
"c00DC9C3"="c:\users\KOCHETSIAN\AppData\Roaming\c00DC9C3.mat" [2008-11-23 21152]
"c006A3F8"="c:\users\KOCHETSIAN\AppData\Roaming\c006A3F8.mat" [2008-11-23 21152]
"c00F07C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00F07C9.mat" [2008-11-23 21152]
"c00CB411"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB411.mat" [2008-11-23 21152]
"c005E0F4"="c:\users\KOCHETSIAN\AppData\Roaming\c005E0F4.mat" [2008-11-23 21152]
"c0039AA8"="c:\users\KOCHETSIAN\AppData\Roaming\c0039AA8.mat" [2008-11-23 21152]
"c00C68E2"="c:\users\KOCHETSIAN\AppData\Roaming\c00C68E2.mat" [2008-11-23 21152]
"c0068E3E"="c:\users\KOCHETSIAN\AppData\Roaming\c0068E3E.mat" [2008-11-23 21152]
"c0028CF1"="c:\users\KOCHETSIAN\AppData\Roaming\c0028CF1.mat" [2008-11-23 21152]
"c003095E"="c:\users\KOCHETSIAN\AppData\Roaming\c003095E.mat" [2008-11-23 21152]
"c008C650"="c:\users\KOCHETSIAN\AppData\Roaming\c008C650.mat" [2008-11-23 21152]
"c00F5900"="c:\users\KOCHETSIAN\AppData\Roaming\c00F5900.mat" [2008-11-23 21152]
"c009B621"="c:\users\KOCHETSIAN\AppData\Roaming\c009B621.mat" [2008-11-23 21152]
"c00E4AB9"="c:\users\KOCHETSIAN\AppData\Roaming\c00E4AB9.mat" [2008-11-23 21152]
"c0012D87"="c:\users\KOCHETSIAN\AppData\Roaming\c0012D87.mat" [2008-11-23 21152]
"c0049B2"="c:\users\KOCHETSIAN\AppData\Roaming\c0049B2.mat" [2008-11-23 21152]
"c0088490"="c:\users\KOCHETSIAN\AppData\Roaming\c0088490.mat" [2008-11-23 21152]
"c00D62D2"="c:\users\KOCHETSIAN\AppData\Roaming\c00D62D2.mat" [2008-11-23 21152]
"c001F6C0"="c:\users\KOCHETSIAN\AppData\Roaming\c001F6C0.mat" [2008-11-23 21152]
"c0036694"="c:\users\KOCHETSIAN\AppData\Roaming\c0036694.mat" [2008-11-23 21152]
"c0059853"="c:\users\KOCHETSIAN\AppData\Roaming\c0059853.mat" [2008-11-23 21152]
"c008CF04"="c:\users\KOCHETSIAN\AppData\Roaming\c008CF04.mat" [2008-11-23 21152]
"c00DA4AC"="c:\users\KOCHETSIAN\AppData\Roaming\c00DA4AC.mat" [2008-11-23 21152]
"c00237D8"="c:\users\KOCHETSIAN\AppData\Roaming\c00237D8.mat" [2008-11-23 21152]
"c00CC689"="c:\users\KOCHETSIAN\AppData\Roaming\c00CC689.mat" [2008-11-23 21152]
"c00281EE"="c:\users\KOCHETSIAN\AppData\Roaming\c00281EE.mat" [2008-11-23 21152]
"c00E9624"="c:\users\KOCHETSIAN\AppData\Roaming\c00E9624.mat" [2008-11-23 21152]
"c001676B"="c:\users\KOCHETSIAN\AppData\Roaming\c001676B.mat" [2008-11-23 21152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 c:\windows\RtHDVCpl.exe]
c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-19 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-10 535336]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]
2008-11-23 17:23 21152 c:\windows\System32\c0047749.mat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
2008-11-23 17:23 21152 c:\windows\System32\c00ADB6B.mat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\c00ADB6B.mat
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3815E209-4DF2-4CF0-964F-63927FBFE08A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C32ACE3-DA1F-469C-8D0C-C4C84671DB56}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AB5D548-055F-46CC-AEBD-1CE92040AD12}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{502682E7-90CF-4F26-BE2C-4F130217E089}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{C813634F-E083-42C3-8D99-43CCF431AB68}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9748B18D-317B-4A5D-BC20-2D901242E061}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{4F268D44-BCDD-41BF-ADE1-48D7DE77657C}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{16D8DD22-0B97-4C7B-9FCA-950951B0419E}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{1559055D-B1E4-4576-B221-EC793993CEC3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{C4D5D04F-52D7-477F-8580-47D2D1027AAB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{11972C48-DE48-43F8-9810-5799477DD221}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{24B3ADCE-9BAF-4D33-B32C-8827D8600A1E}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{D940F122-4144-4CEC-9004-CF79EC4BCE37}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{C767F581-258E-410D-A4E6-93DCEE5BF88F}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{92C8C310-9BCB-4D1A-A787-92E305D9DB47}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{EC612D7B-6318-4980-926C-A2AC0CC45718}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{F4AC808C-BC1F-458B-ACCB-6399C978C1A0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A3B8A4C-9CA5-406C-ACF7-F8E4509A7476}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6135D568-1B14-41E9-8ED7-2BA6543B1F6B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{364CC453-C577-463B-AB20-C415F65286F1}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{21FD40DB-A3F8-4DCF-B0F7-4A5859DECCC8}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0506DBD2-8448-4366-A74E-C640D8082ED2}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B765C305-95CE-454B-ADE8-F20EA7B5C1D1}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{95A63C58-A16B-408D-8DBF-48D94CE5617F}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{064BA21B-26C5-441B-AFD6-837E40752FCD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C0951CD0-29D6-4427-BF73-3C2BB13AC884}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2CD5CC9E-AF3A-4C8A-B913-15EAAA2CA2AF}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{14C42A1D-5805-44DD-BBA8-73DF02519C3A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{ADC48264-15D1-4CA4-AFD8-1238C440B7AE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-07-10 202872]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-25 2929664]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-23 69128]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-10 46592]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-07-10 454520]
*Newly Created Service* - COMHOST
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-chkgenapl - c:\programdata\chkgenapl\xcnofgzc.exe
HKCU-Run-Lsass Service - c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\lsass.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
Notify-c0012D87 - c0012D87.mat
Notify-c00148FE - c00148FE.mat
Notify-c001676B - c001676B.mat
Notify-c0018157 - c0018157.mat
Notify-c001F6C0 - c001F6C0.mat
Notify-c00237D8 - c00237D8.mat
Notify-c00281EE - c00281EE.mat
Notify-c0028CF1 - c0028CF1.mat
Notify-c003095E - c003095E.mat
Notify-c0034D1 - c0034D1.mat
Notify-c003549C - c003549C.mat
Notify-c0036694 - c0036694.mat
Notify-c0039AA8 - c0039AA8.mat
Notify-c0040B99 - c0040B99.mat
Notify-c004772B - c004772B.mat
Notify-c0049B2 - c0049B2.mat
Notify-c0056690 - c0056690.mat
Notify-c0059853 - c0059853.mat
Notify-c0059A4A - c0059A4A.mat
Notify-c005E0F4 - c005E0F4.mat
Notify-c005F81E - c005F81E.mat
Notify-c0065844 - c0065844.mat
Notify-c0068E3E - c0068E3E.mat
Notify-c006A3F8 - c006A3F8.mat
Notify-c0076E64 - c0076E64.mat
Notify-c0081AA0 - c0081AA0.mat
Notify-c0082240 - c0082240.mat
Notify-c0088490 - c0088490.mat
Notify-c008C650 - c008C650.mat
Notify-c008CF04 - c008CF04.mat
Notify-c00992C9 - c00992C9.mat
Notify-c0099DD8 - c0099DD8.mat
Notify-c009B621 - c009B621.mat
Notify-c009F6E4 - c009F6E4.mat
Notify-c00A2690 - c00A2690.mat
Notify-c00A6900 - c00A6900.mat
Notify-c00A8BE9 - c00A8BE9.mat
Notify-c00B156A - c00B156A.mat
Notify-c00BEB10 - c00BEB10.mat
Notify-c00C68E2 - c00C68E2.mat
Notify-c00CA368 - c00CA368.mat
Notify-c00CB411 - c00CB411.mat
Notify-c00CB729 - c00CB729.mat
Notify-c00CC689 - c00CC689.mat
Notify-c00D14C4 - c00D14C4.mat
Notify-c00D4C8E - c00D4C8E.mat
Notify-c00D62D2 - c00D62D2.mat
Notify-c00DA4AC - c00DA4AC.mat
Notify-c00DC9C3 - c00DC9C3.mat
Notify-c00E07F8 - c00E07F8.mat
Notify-c00E4AB9 - c00E4AB9.mat
Notify-c00E52AA - c00E52AA.mat
Notify-c00E9624 - c00E9624.mat
Notify-c00EC346 - c00EC346.mat
Notify-c00F07C9 - c00F07C9.mat
Notify-c00F5900 - c00F5900.mat
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 17:50:18
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\KOCHET~1\AppData\Local\Temp\wmplog00.sqm 1394 bytes
c:\users\KOCHET~1\AppData\Local\Temp\WPDNSE
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c0074E99.mat
c:\windows\system32\c00A967F.mat
c:\windows\system32\c004DA21.mat
c:\windows\system32\c001A0AE.mat
c:\windows\system32\c00E0F4E.mat
c:\windows\system32\c0061BA2.mat
c:\windows\system32\c00CAED2.mat
c:\windows\system32\c002147A.mat
c:\windows\system32\c00CEE83.mat
c:\windows\system32\c00A1836.mat
c:\windows\system32\c00C9BAA.mat
c:\windows\system32\c00F7FF3.mat
c:\windows\system32\c008AEBC.mat
c:\windows\system32\c008283E.mat
c:\windows\system32\c00CCB10.mat
c:\windows\system32\c00E7BDD.mat
c:\windows\system32\c007F6B3.mat
c:\windows\system32\c0090E22.mat
c:\windows\system32\c008501C.mat
c:\windows\system32\c008A18.mat
c:\windows\system32\c0032638.mat
c:\windows\system32\c008128A.mat
c:\windows\system32\c007D331.mat
c:\windows\system32\c0028D04.mat
c:\windows\system32\c00D4B01.mat
c:\windows\system32\c001121E.mat
c:\windows\system32\c004C25A.mat
c:\windows\system32\c00CA190.mat
c:\windows\system32\c0098251.mat
c:\windows\system32\c0049628.mat
c:\windows\system32\c00D9E40.mat
c:\windows\system32\c00C42C7.mat
c:\windows\system32\c00AD432.mat
c:\windows\system32\c002B97E.mat
c:\windows\system32\c00DE3D6.mat
c:\windows\system32\c0049A72.mat
c:\windows\system32\c00F05B3.mat
c:\windows\system32\c005BA19.mat
c:\windows\system32\c00A09E0.mat
c:\windows\system32\c0010BD4.mat
c:\windows\system32\c00FB29C.mat
c:\windows\system32\c00CB2F9.mat
c:\windows\system32\c0082532.mat
c:\windows\system32\c00301F4.mat
c:\windows\system32\c0064A9.mat
c:\windows\system32\c0016368.mat
c:\windows\system32\c002104.mat
c:\windows\system32\c00D3910.mat
c:\windows\system32\c00848ED.mat
c:\windows\system32\c001B466.mat
c:\windows\system32\c006A534.mat
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\c00ADB6B.mat
- - - - - - - > 'Explorer.exe'(4452)
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxctcoms.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\windows\System32\WUDFHost.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\combofix\hidec.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\conime.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Heure de fin: 2008-11-23 17:57:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-23 16:56:30
Avant-CF: 67 485 106 176 octets libres
Après-CF: 67,647,750,144 octets libres
429 --- E O F --- 2008-11-14 09:12:33
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.455 [GMT 1:00]
Lancé depuis: c:\users\KOCHETSIAN\Desktop\ComboFix..exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\PlayMP3z
c:\program files\PlayMP3z\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00E0F4E.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CEE83.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CAED2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00C9BAA.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A967F.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A1836.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0074E99.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0061BA2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c004DA21.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c002147A.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c001A0AE.mat
2008-11-23 17:26 . 2008-11-23 17:26 21,152 --ahs---- c:\windows\System32\c00EE8CE.mat
2008-11-23 17:24 . 2008-11-23 17:24 21,152 --ahs---- c:\windows\System32\c0052EE2.mat
2008-11-23 16:09 . 2008-11-23 16:09 <REP> d-------- c:\program files\Trend Micro
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\programdata\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:54 <REP> d-------- c:\program files\Lavasoft
2008-11-23 13:39 . 2008-11-23 13:39 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 13:11 . 2008-11-23 15:39 <REP> d--h----- C:\$AVG8.VAULT$
2008-11-23 13:09 . 2008-11-23 13:09 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-23 13:09 . 2008-11-23 13:09 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-23 13:08 . 2008-11-23 13:11 <REP> d-------- c:\windows\System32\drivers\Avg
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\users\All Users\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\programdata\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\program files\AVG
2008-11-23 13:08 . 2008-11-23 13:08 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-14 09:58 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 09:58 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 09:58 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 09:58 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 09:57 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 09:57 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 09:57 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 09:57 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 09:57 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 00:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-13 00:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-13 00:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 00:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-13 00:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\users\All Users\hps
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\programdata\hps
2008-11-01 10:48 . 2008-11-01 10:48 <REP> d-------- c:\program files\SNAPFISH
2008-10-30 18:06 . 2008-08-06 04:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-10-30 18:06 . 2008-08-06 04:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-10-30 18:06 . 2008-08-06 04:27 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-10-30 18:06 . 2008-08-06 04:26 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-30 18:06 . 2008-08-06 04:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-10-30 18:06 . 2008-08-06 04:26 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-30 18:06 . 2008-08-06 04:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-10-30 18:06 . 2008-08-06 04:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-30 18:05 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-30 18:05 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 16:50 --------- d-----w c:\program files\Lx_cats
2008-11-23 12:47 --------- d-----w c:\program files\Norton Internet Security
2008-11-23 12:16 --------- d-----w c:\programdata\gvudklsh
2008-11-23 12:15 --------- d-----w c:\programdata\Symantec
2008-11-23 12:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 22:32 --------- d-----w c:\users\KOCHETSIAN\AppData\Roaming\LimeWire
2008-11-17 10:24 --------- d-----w c:\programdata\Microsoft Help
2008-10-21 16:34 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 08:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-21 08:27 --------- d-----w c:\programdata\NOS
2008-10-21 08:25 --------- d-----w c:\program files\Google
2008-10-21 08:24 --------- d-----w c:\program files\NOS
2008-10-21 07:39 --------- d-----w c:\programdata\chkgenapl
2008-10-16 01:09 --------- d-----w c:\program files\Windows Mail
2008-10-14 19:40 --------- d-----w c:\program files\Sun
2008-10-14 19:39 --------- d-----w c:\program files\Java
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-09-26 12:18 --------- d-----w c:\programdata\WLInstaller
2008-09-04 10:14 3,310,392 ----a-w c:\users\Public\hotbar.exe
2008-07-09 15:53 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-21 171448]
"c00148FE"="c:\users\KOCHETSIAN\AppData\Roaming\c00148FE.mat" [2008-11-23 21152]
"c0082240"="c:\users\KOCHETSIAN\AppData\Roaming\c0082240.mat" [2008-11-23 21152]
"c00A6900"="c:\users\KOCHETSIAN\AppData\Roaming\c00A6900.mat" [2008-11-23 21152]
"c0059A4A"="c:\users\KOCHETSIAN\AppData\Roaming\c0059A4A.mat" [2008-11-23 21152]
"c0081AA0"="c:\users\KOCHETSIAN\AppData\Roaming\c0081AA0.mat" [2008-11-23 21152]
"c00CB729"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB729.mat" [2008-11-23 21152]
"c0034D1"="c:\users\KOCHETSIAN\AppData\Roaming\c0034D1.mat" [2008-11-23 21152]
"c00E52AA"="c:\users\KOCHETSIAN\AppData\Roaming\c00E52AA.mat" [2008-11-23 21152]
"c00D14C4"="c:\users\KOCHETSIAN\AppData\Roaming\c00D14C4.mat" [2008-11-23 21152]
"c00D4C8E"="c:\users\KOCHETSIAN\AppData\Roaming\c00D4C8E.mat" [2008-11-23 21152]
"c00BEB10"="c:\users\KOCHETSIAN\AppData\Roaming\c00BEB10.mat" [2008-11-23 21152]
"c00A2690"="c:\users\KOCHETSIAN\AppData\Roaming\c00A2690.mat" [2008-11-23 21152]
"c0099DD8"="c:\users\KOCHETSIAN\AppData\Roaming\c0099DD8.mat" [2008-11-23 21152]
"c004772B"="c:\users\KOCHETSIAN\AppData\Roaming\c004772B.mat" [2008-11-23 21152]
"c00EC346"="c:\users\KOCHETSIAN\AppData\Roaming\c00EC346.mat" [2008-11-23 21152]
"c005F81E"="c:\users\KOCHETSIAN\AppData\Roaming\c005F81E.mat" [2008-11-23 21152]
"c00A8BE9"="c:\users\KOCHETSIAN\AppData\Roaming\c00A8BE9.mat" [2008-11-23 21152]
"c003549C"="c:\users\KOCHETSIAN\AppData\Roaming\c003549C.mat" [2008-11-23 21152]
"c00B156A"="c:\users\KOCHETSIAN\AppData\Roaming\c00B156A.mat" [2008-11-23 21152]
"c0076E64"="c:\users\KOCHETSIAN\AppData\Roaming\c0076E64.mat" [2008-11-23 21152]
"c0056690"="c:\users\KOCHETSIAN\AppData\Roaming\c0056690.mat" [2008-11-23 21152]
"c007D70"="c:\users\KOCHETSIAN\AppData\Roaming\c007D70.mat" [2008-11-23 21152]
"c0040B99"="c:\users\KOCHETSIAN\AppData\Roaming\c0040B99.mat" [2008-11-23 21152]
"c00CA368"="c:\users\KOCHETSIAN\AppData\Roaming\c00CA368.mat" [2008-11-23 21152]
"c00992C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00992C9.mat" [2008-11-23 21152]
"c0018157"="c:\users\KOCHETSIAN\AppData\Roaming\c0018157.mat" [2008-11-23 21152]
"c0065844"="c:\users\KOCHETSIAN\AppData\Roaming\c0065844.mat" [2008-11-23 21152]
"c009F6E4"="c:\users\KOCHETSIAN\AppData\Roaming\c009F6E4.mat" [2008-11-23 21152]
"c00E07F8"="c:\users\KOCHETSIAN\AppData\Roaming\c00E07F8.mat" [2008-11-23 21152]
"c00DC9C3"="c:\users\KOCHETSIAN\AppData\Roaming\c00DC9C3.mat" [2008-11-23 21152]
"c006A3F8"="c:\users\KOCHETSIAN\AppData\Roaming\c006A3F8.mat" [2008-11-23 21152]
"c00F07C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00F07C9.mat" [2008-11-23 21152]
"c00CB411"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB411.mat" [2008-11-23 21152]
"c005E0F4"="c:\users\KOCHETSIAN\AppData\Roaming\c005E0F4.mat" [2008-11-23 21152]
"c0039AA8"="c:\users\KOCHETSIAN\AppData\Roaming\c0039AA8.mat" [2008-11-23 21152]
"c00C68E2"="c:\users\KOCHETSIAN\AppData\Roaming\c00C68E2.mat" [2008-11-23 21152]
"c0068E3E"="c:\users\KOCHETSIAN\AppData\Roaming\c0068E3E.mat" [2008-11-23 21152]
"c0028CF1"="c:\users\KOCHETSIAN\AppData\Roaming\c0028CF1.mat" [2008-11-23 21152]
"c003095E"="c:\users\KOCHETSIAN\AppData\Roaming\c003095E.mat" [2008-11-23 21152]
"c008C650"="c:\users\KOCHETSIAN\AppData\Roaming\c008C650.mat" [2008-11-23 21152]
"c00F5900"="c:\users\KOCHETSIAN\AppData\Roaming\c00F5900.mat" [2008-11-23 21152]
"c009B621"="c:\users\KOCHETSIAN\AppData\Roaming\c009B621.mat" [2008-11-23 21152]
"c00E4AB9"="c:\users\KOCHETSIAN\AppData\Roaming\c00E4AB9.mat" [2008-11-23 21152]
"c0012D87"="c:\users\KOCHETSIAN\AppData\Roaming\c0012D87.mat" [2008-11-23 21152]
"c0049B2"="c:\users\KOCHETSIAN\AppData\Roaming\c0049B2.mat" [2008-11-23 21152]
"c0088490"="c:\users\KOCHETSIAN\AppData\Roaming\c0088490.mat" [2008-11-23 21152]
"c00D62D2"="c:\users\KOCHETSIAN\AppData\Roaming\c00D62D2.mat" [2008-11-23 21152]
"c001F6C0"="c:\users\KOCHETSIAN\AppData\Roaming\c001F6C0.mat" [2008-11-23 21152]
"c0036694"="c:\users\KOCHETSIAN\AppData\Roaming\c0036694.mat" [2008-11-23 21152]
"c0059853"="c:\users\KOCHETSIAN\AppData\Roaming\c0059853.mat" [2008-11-23 21152]
"c008CF04"="c:\users\KOCHETSIAN\AppData\Roaming\c008CF04.mat" [2008-11-23 21152]
"c00DA4AC"="c:\users\KOCHETSIAN\AppData\Roaming\c00DA4AC.mat" [2008-11-23 21152]
"c00237D8"="c:\users\KOCHETSIAN\AppData\Roaming\c00237D8.mat" [2008-11-23 21152]
"c00CC689"="c:\users\KOCHETSIAN\AppData\Roaming\c00CC689.mat" [2008-11-23 21152]
"c00281EE"="c:\users\KOCHETSIAN\AppData\Roaming\c00281EE.mat" [2008-11-23 21152]
"c00E9624"="c:\users\KOCHETSIAN\AppData\Roaming\c00E9624.mat" [2008-11-23 21152]
"c001676B"="c:\users\KOCHETSIAN\AppData\Roaming\c001676B.mat" [2008-11-23 21152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 c:\windows\RtHDVCpl.exe]
c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-19 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-10 535336]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]
2008-11-23 17:23 21152 c:\windows\System32\c0047749.mat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
2008-11-23 17:23 21152 c:\windows\System32\c00ADB6B.mat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\c00ADB6B.mat
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3815E209-4DF2-4CF0-964F-63927FBFE08A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C32ACE3-DA1F-469C-8D0C-C4C84671DB56}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AB5D548-055F-46CC-AEBD-1CE92040AD12}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{502682E7-90CF-4F26-BE2C-4F130217E089}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{C813634F-E083-42C3-8D99-43CCF431AB68}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9748B18D-317B-4A5D-BC20-2D901242E061}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{4F268D44-BCDD-41BF-ADE1-48D7DE77657C}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{16D8DD22-0B97-4C7B-9FCA-950951B0419E}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{1559055D-B1E4-4576-B221-EC793993CEC3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{C4D5D04F-52D7-477F-8580-47D2D1027AAB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{11972C48-DE48-43F8-9810-5799477DD221}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{24B3ADCE-9BAF-4D33-B32C-8827D8600A1E}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{D940F122-4144-4CEC-9004-CF79EC4BCE37}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{C767F581-258E-410D-A4E6-93DCEE5BF88F}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{92C8C310-9BCB-4D1A-A787-92E305D9DB47}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{EC612D7B-6318-4980-926C-A2AC0CC45718}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{F4AC808C-BC1F-458B-ACCB-6399C978C1A0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A3B8A4C-9CA5-406C-ACF7-F8E4509A7476}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6135D568-1B14-41E9-8ED7-2BA6543B1F6B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{364CC453-C577-463B-AB20-C415F65286F1}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{21FD40DB-A3F8-4DCF-B0F7-4A5859DECCC8}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0506DBD2-8448-4366-A74E-C640D8082ED2}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B765C305-95CE-454B-ADE8-F20EA7B5C1D1}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{95A63C58-A16B-408D-8DBF-48D94CE5617F}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{064BA21B-26C5-441B-AFD6-837E40752FCD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C0951CD0-29D6-4427-BF73-3C2BB13AC884}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2CD5CC9E-AF3A-4C8A-B913-15EAAA2CA2AF}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{14C42A1D-5805-44DD-BBA8-73DF02519C3A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{ADC48264-15D1-4CA4-AFD8-1238C440B7AE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-07-10 202872]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-25 2929664]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-23 69128]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-10 46592]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-07-10 454520]
*Newly Created Service* - COMHOST
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-chkgenapl - c:\programdata\chkgenapl\xcnofgzc.exe
HKCU-Run-Lsass Service - c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\lsass.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
Notify-c0012D87 - c0012D87.mat
Notify-c00148FE - c00148FE.mat
Notify-c001676B - c001676B.mat
Notify-c0018157 - c0018157.mat
Notify-c001F6C0 - c001F6C0.mat
Notify-c00237D8 - c00237D8.mat
Notify-c00281EE - c00281EE.mat
Notify-c0028CF1 - c0028CF1.mat
Notify-c003095E - c003095E.mat
Notify-c0034D1 - c0034D1.mat
Notify-c003549C - c003549C.mat
Notify-c0036694 - c0036694.mat
Notify-c0039AA8 - c0039AA8.mat
Notify-c0040B99 - c0040B99.mat
Notify-c004772B - c004772B.mat
Notify-c0049B2 - c0049B2.mat
Notify-c0056690 - c0056690.mat
Notify-c0059853 - c0059853.mat
Notify-c0059A4A - c0059A4A.mat
Notify-c005E0F4 - c005E0F4.mat
Notify-c005F81E - c005F81E.mat
Notify-c0065844 - c0065844.mat
Notify-c0068E3E - c0068E3E.mat
Notify-c006A3F8 - c006A3F8.mat
Notify-c0076E64 - c0076E64.mat
Notify-c0081AA0 - c0081AA0.mat
Notify-c0082240 - c0082240.mat
Notify-c0088490 - c0088490.mat
Notify-c008C650 - c008C650.mat
Notify-c008CF04 - c008CF04.mat
Notify-c00992C9 - c00992C9.mat
Notify-c0099DD8 - c0099DD8.mat
Notify-c009B621 - c009B621.mat
Notify-c009F6E4 - c009F6E4.mat
Notify-c00A2690 - c00A2690.mat
Notify-c00A6900 - c00A6900.mat
Notify-c00A8BE9 - c00A8BE9.mat
Notify-c00B156A - c00B156A.mat
Notify-c00BEB10 - c00BEB10.mat
Notify-c00C68E2 - c00C68E2.mat
Notify-c00CA368 - c00CA368.mat
Notify-c00CB411 - c00CB411.mat
Notify-c00CB729 - c00CB729.mat
Notify-c00CC689 - c00CC689.mat
Notify-c00D14C4 - c00D14C4.mat
Notify-c00D4C8E - c00D4C8E.mat
Notify-c00D62D2 - c00D62D2.mat
Notify-c00DA4AC - c00DA4AC.mat
Notify-c00DC9C3 - c00DC9C3.mat
Notify-c00E07F8 - c00E07F8.mat
Notify-c00E4AB9 - c00E4AB9.mat
Notify-c00E52AA - c00E52AA.mat
Notify-c00E9624 - c00E9624.mat
Notify-c00EC346 - c00EC346.mat
Notify-c00F07C9 - c00F07C9.mat
Notify-c00F5900 - c00F5900.mat
**************************************************************************
-
- Novice
- Posts: 47
- Joined: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in advance
So? Does that ring a bell?
- bernard53
- Support
- Posts: 3516
- Joined: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo CPU E6750 2.66GHz processor
3 GB RAM
Samsung 160 GB hard drive
Re: very UrGent PLEASE ...thanks in advance
Tell me, did you actually do this?
Open the Start menu > Run
In the dialog box, copy/paste everything in the quote below:
fsutil file createnew "%userprofile%\desktop\CFScript.txt" 0
Then confirm.
2/ Open CFScript.txt (on your Desktop) > copy this new quote into it:
File::
c:\windows\System32\c00E0F4E.mat
c:\windows\System32\c00CEE83.mat
c:\windows\System32\c00CAED2.mat
c:\windows\System32\c00C9BAA.mat
c:\windows\System32\c00A967F.mat
c:\windows\System32\c00A1836.mat
c:\windows\System32\c0074E99.mat
c:\windows\System32\c0061BA2.mat
c:\windows\System32\c004DA21.mat
c:\windows\System32\c002147A.mat
c:\windows\System32\c001A0AE.mat
c:\windows\System32\c00EE8CE.mat
c:\windows\System32\c0052EE2.mat
c:\programdata\gvudklsh
c:\programdata\chkgenapl
c:\users\Public\hotbar.exe
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c0074E99.mat
c:\windows\system32\c00A967F.mat
c:\windows\system32\c004DA21.mat
c:\windows\system32\c001A0AE.mat
c:\windows\system32\c00E0F4E.mat
c:\windows\system32\c0061BA2.mat
c:\windows\system32\c00CAED2.mat
c:\windows\system32\c002147A.mat
c:\windows\system32\c00CEE83.mat
c:\windows\system32\c00A1836.mat
c:\windows\system32\c00C9BAA.mat
c:\windows\system32\c00F7FF3.mat
c:\windows\system32\c008AEBC.mat
c:\windows\system32\c008283E.mat
c:\windows\system32\c00CCB10.mat
c:\windows\system32\c00E7BDD.mat
c:\windows\system32\c007F6B3.mat
c:\windows\system32\c0090E22.mat
c:\windows\system32\c008501C.mat
c:\windows\system32\c008A18.mat
c:\windows\system32\c0032638.mat
c:\windows\system32\c008128A.mat
c:\windows\system32\c007D331.mat
c:\windows\system32\c0028D04.mat
c:\windows\system32\c00D4B01.mat
c:\windows\system32\c001121E.mat
c:\windows\system32\c004C25A.mat
c:\windows\system32\c00CA190.mat
c:\windows\system32\c0098251.mat
c:\windows\system32\c0049628.mat
c:\windows\system32\c00C42C7.mat
c:\windows\system32\c00AD432.mat
c:\windows\system32\c002B97E.mat
c:\windows\system32\c00DE3D6.mat
c:\windows\system32\c0049A72.mat
c:\windows\system32\c00F05B3.mat
c:\windows\system32\c005BA19.mat
c:\windows\system32\c00A09E0.mat
c:\windows\system32\c0010BD4.mat
c:\windows\system32\c00FB29C.mat
c:\windows\system32\c00CB2F9.mat
c:\windows\system32\c0082532.mat
c:\windows\system32\c00301F4.mat
c:\windows\system32\c0064A9.mat
c:\windows\system32\c0016368.mat
c:\windows\system32\c002104.mat
c:\windows\system32\c00D3910.mat
c:\windows\system32\c00848ED.mat
c:\windows\system32\c001B466.mat
c:\windows\system32\c006A534.mat
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c00ADB6B.mat
Registry ::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c00148FE"=-
"c0082240"=-
"c00A6900"=-
"c0059A4A"=-
"c0081AA0"=-
"c00CB729"=-
"c0034D1"=-
"c00E52AA"=-
"c00D14C4"=-
"c00D4C8E"=-
"c00BEB10"=-
"c00A2690"=-
"c0099DD8"=-
"c004772B"=-
"c00EC346"=-
"c005F81E"=-
"c00A8BE9"=-
"c003549C"=-
"c00B156A"=-
"c0076E64"=-
"c0056690"=-
"c007D70"=-
"c0040B99"=-
"c00CA368"=-
"c00992C9"=-
"c0018157"=-
"c0065844"=-
"c009F6E4"=-
"c00E07F8"=-
"c00DC9C3"=-
"c006A3F8"=-
"c00F07C9"=-
"c00CB411"=-
"c005E0F4"=-
"c0039AA8"=-
"c00C68E2"=-
"c0068E3E"=-
"c0028CF1"=-
"c003095E"=-
"c008C650"=-
"c00F5900"=-
"c009B621"=-
"c00E4AB9"=-
"c0012D87"=-
"c0049B2"=-
"c0088490"=-
"c00D62D2"=-
"c001F6C0"=-
"c0036694"=-
"c0059853"=-
"c008CF04"=-
"c00DA4AC"=-
"c00237D8"=-
"c00CC689"=-
"c00281EE"=-
"c00E9624"=-
"c001676B"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Folders::
c:\programdata\gvudklsh
c:\programdata\chkgenapl
Drag and drop this CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot:

A blue window will appear and ComboFix will once again start a new scan.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.
If the file does not open, it is located here > C:\ComboFix.txt
Then post a new HijackThis report.
This new report is the one I want, please.
Last edited by bernard53 on 23 Nov 2008, 20:11, edited 2 times.
Enjoy your visit to: http://tuto-b.comli.com/
-
- Novice
- Posts: 47
- Registered: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in Advance
I'll do that right away
-
- Novice
- Posts: 47
- Registered: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in Advance
well, I have just made a new report, and after dragging the CFScript onto ComboFix it no longer gives me the report; I even looked in C:\ComboFix.txt and it isn't there
- bernard53
- Support
- Posts: 3516
- Registered: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo processor, CPU E6750 2.66GHz
3 GB RAM
Samsung 160 GB hard disk
Re: very UrGent PLEASE ...thanks in Advance
Did the scan start properly, like the first time?

Enjoy your visit to: http://tuto-b.comli.com/
-
- Novice
- Posts: 47
- Registered: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in Advance
yes... I did as you told me to: I entered fsutil file createnew "%userprofile%\desktop\CFScript.txt" 0, then "2/ Open CFScript.txt (on your Desktop). > copy this new quote into it:", and then I copied the quote, and as soon as I drag it onto ComboFix it shows me the little green thing that fills up and that's all; it shows me nothing more afterwards. Even when I go and look in C:\ComboFix.txt, it's the old one it shows me, which is dated today but at 17:58 (the first time I did it, that is)
- bernard53
- Support
- Posts: 3516
- Registered: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo processor, CPU E6750 2.66GHz
3 GB RAM
Samsung 160 GB hard disk
Re: very UrGent PLEASE ...thanks in Advance
OK, do this.
Remove ComboFix as follows:
Start menu --> Run --> then type this and confirm:
"%userprofile%\desktop\combofix.exe" /u
Then download it again here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe and run again the CFScript.txt you made earlier.
Enjoy your visit to: http://tuto-b.comli.com/
-
- Novice
- Posts: 47
- Registered: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in Advance
.
Last edited by Jeanna88 on 23 Nov 2008, 21:03, edited 1 time.
-
- Novice
- Posts: 47
- Registered: 23 Nov 2008, 17:10
- Hardware configuration: urgent!!!
Re: very UrGent PLEASE ...thanks in Advance
I drag it onto the red icon and then in acer combofix it isn't there, there's just an empty folder, that's all. I'm going to go crazy
- bernard53
- Support
- Posts: 3516
- Registered: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo processor, CPU E6750 2.66GHz
3 GB RAM
Samsung 160 GB hard disk
Re: very UrGent PLEASE ...thanks in Advance
Tell me, you did put ComboFix on your desktop and nowhere else?

Enjoy your visit to: http://tuto-b.comli.com/
- bernard53
- Support
- Posts: 3516
- Registered: 25 Apr 2008, 22:05
- Hardware configuration: Intel 2 Duo processor, CPU E6750 2.66GHz
3 GB RAM
Samsung 160 GB hard disk
Re: very UrGent PLEASE ...thanks in Advance
I don't understand this.
Drag and drop this CFScript.txt file onto the ComboFix.exe file that is on your desktop, as shown in the screenshot:

A blue window will appear and ComboFix will once again start a scan.
Take your time and everything will go fine.
You just have to do this.
Enjoy your visit to: http://tuto-b.comli.com/