Okay.
I'll try, but the network refuses to connect and Windows 7 offers to diagnose the problem.
I'll keep you posted.
by Imdead » 17 Sep 2012 16:50
by Imdead » 17 Sep 2012 18:38
Farbar Service Scanner Version: 06-08-2012
Ran by pina (administrator) on 17-09-2012 at 19:13:14
Running from "F:\"
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
by zaede » 17 Sep 2012 21:35
by Imdead » 17 Sep 2012 22:36
by Imdead » 18 Sep 2012 15:41
by zaede » 18 Sep 2012 15:51
by Imdead » 18 Sep 2012 16:36
by Imdead » 18 Sep 2012 16:38
by Imdead » 18 Sep 2012 17:12
by Imdead » 18 Sep 2012 17:55
by Imdead » 18 Sep 2012 19:28
by Imdead » 18 Sep 2012 19:54
by zaede » 18 Sep 2012 20:39
by Imdead » 18 Sep 2012 21:08
by Imdead » 18 Sep 2012 21:13
ComboFix 12-09-18.06 - pina 18.09.2012 21:46:36.1.2 - x86
Lancé depuis: c:\users\pina\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pina\20080428112052375_Samsung_PC_Studio_321_HB6.exe
c:\users\pina\20080428112052375_Samsung_USB_Driver_Installer.exe
c:\windows\system32\bcm696D.tmp
c:\windows\system32\oem52.inf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-18 au 2012-09-18 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-18 19:58 . 2012-09-18 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 19:14 . 2012-09-18 19:24 -------- d-----w- c:\users\pina\AppData\Roaming\Auslogics
2012-09-18 19:13 . 2012-09-18 19:13 -------- d-----w- c:\program files\Auslogics
2012-09-18 16:36 . 2012-09-18 16:36 -------- d-----w- c:\users\pina\AppData\Roaming\Avira
2012-09-18 16:18 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-18 16:18 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-18 16:18 . 2012-09-18 16:18 -------- d-----w- c:\programdata\Avira
2012-09-18 16:18 . 2012-09-18 16:18 -------- d-----w- c:\program files\Avira
2012-09-18 16:15 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{618DE024-8791-4375-BFEB-57C1E07C1DBB}\mpengine.dll
2012-09-18 14:50 . 2012-09-18 14:51 17531 ----a-w- c:\windows\bcm5917.tmp
2012-09-18 14:30 . 2012-09-18 14:30 -------- d-----w- c:\program files\Cisco
2012-09-18 14:25 . 2012-09-18 14:50 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-18 14:25 . 2012-09-18 14:25 3764800 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-09-18 14:25 . 2012-09-18 14:25 3872056 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-09-18 14:25 . 2012-09-18 14:25 3560760 ----a-w- c:\windows\system32\bcmihvui.dll
2012-09-18 14:25 . 2012-09-18 14:25 -------- d-----w- c:\users\pina\AppData\Roaming\InstallShield
2012-09-18 14:18 . 2012-09-18 14:18 -------- d-----w- c:\program files\Lavalys
2012-09-14 02:10 . 2012-09-14 02:10 -------- d-----w- c:\users\pina\AppData\Roaming\TuneUp Software
2012-09-14 02:09 . 2012-09-18 19:15 -------- d-----w- c:\programdata\TuneUp Software
2012-09-14 02:09 . 2012-09-14 02:09 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-09-14 01:28 . 2012-09-14 01:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-10 16:24 . 2012-09-18 19:59 -------- d-----w- c:\users\pina\AppData\Local\Temp
2012-09-10 15:45 . 2012-09-11 15:07 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-09-09 12:14 . 2012-09-11 15:07 -------- d-----w- c:\program files\ZHPDiag
2012-09-09 12:14 . 2012-09-11 15:02 -------- d-----w- C:\ZHP
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- C:\found.001
2012-09-09 11:05 . 2012-09-09 11:05 -------- d-----w- c:\users\pina\AppData\Roaming\Malwarebytes
2012-09-09 11:05 . 2012-09-18 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-09 11:05 . 2012-09-09 11:05 -------- d-----w- c:\programdata\Malwarebytes
2012-09-09 11:05 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-18 14:25 . 2008-09-26 23:20 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-21 09:13 . 2012-07-10 20:08 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-14 22:34 . 2012-07-26 12:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 22:34 . 2012-07-26 12:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 08:46 . 2012-08-02 08:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 09:15 . 2012-07-27 09:15 2141968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-11 09:54 . 2012-07-11 09:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-11 09:54 . 2012-07-11 09:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-11 09:54 . 2012-07-11 09:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-11 09:54 . 2012-07-11 09:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-11 09:54 . 2012-07-11 09:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-11 09:54 . 2012-07-11 09:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-11 09:54 . 2012-07-11 09:54 367104 ----a-w- c:\windows\system32\html.iec
2012-07-11 09:54 . 2012-07-11 09:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-11 09:54 . 2012-07-11 09:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-11 09:54 . 2012-07-11 09:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-11 09:54 . 2012-07-11 09:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-11 09:54 . 2012-07-11 09:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-11 09:54 . 2012-07-11 09:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-11 09:54 . 2012-07-11 09:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-11 09:54 . 2012-07-11 09:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-11 09:54 . 2012-07-11 09:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-04 14:02 . 2012-08-16 01:04 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-16 01:05 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 01:05 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 01:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 01:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 01:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-11-16 366024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\pina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Sunrise"="c:\program files\Sunrise\bin\sprtcmd.exe" [2008-06-27 202016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-05-02 247152]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15244245.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1535946180-3391241116-4035417578-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - TuneUpUtilitiesDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 22:34]
.
2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1535946180-3391241116-4035417578-1000Core.job
- c:\users\pina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-07 23:03]
.
2012-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1535946180-3391241116-4035417578-1000UA.job
- c:\users\pina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-07 23:03]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:14]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:14]
.
2012-09-18 c:\windows\Tasks\HPCeeScheduleForpina.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-07-02 13:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_ch&c=83&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 91.233.182.2 194.230.1.39
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-18 21:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2012-09-18 22:09:29
ComboFix-quarantined-files.txt 2012-09-18 20:09
.
Avant-CF: 160'459'403'264 octets libres
Après-CF: 160'382'136'320 octets libres
.
- - End Of File - - 72D5AFE2650AD82C9FB9451B6AC8796E
by Imdead » 18 Sep 2012 21:20
by zaede » 18 Sep 2012 21:24
by Imdead » 18 Sep 2012 21:36
2012-08-14 22:34 . 2012-07-26 12:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 22:34 . 2012-07-26 12:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe